Vulnerabilities > Improper Encoding or Escaping of Output

DATE CVE VULNERABILITY TITLE RISK
2025-05-28 CVE-2025-25029 IBM Security Guardium 12.0 could allow a privileged user to download any file on the system due to improper escaping of input.
network
low complexity
CWE-116
4.9
2025-05-13 CVE-2025-47280 Improper Encoding or Escaping of Output vulnerability in Umbraco Forms
Umbraco Forms is a form builder that integrates with the Umbraco content management system.
network
low complexity
umbraco CWE-116
6.1
2025-04-30 CVE-2025-32974 Improper Encoding or Escaping of Output vulnerability in Xwiki
XWiki is a generic wiki platform.
network
low complexity
xwiki CWE-116
critical
9.0
2025-04-28 CVE-2025-23377 Improper Encoding or Escaping of Output vulnerability in Dell Powerprotect Data Manager 19.17/19.18
Dell PowerProtect Data Manager Reporting, version(s) 19.17, 19.18 contain(s) an Improper Encoding or Escaping of Output vulnerability.
local
low complexity
dell CWE-116
3.4
2025-04-09 CVE-2025-30657 An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts.
network
low complexity
CWE-116
5.3
2025-02-21 CVE-2025-27108 Improper Encoding or Escaping of Output vulnerability in Ryansolid DOM Expressions
dom-expressions is a Fine-Grained Runtime for Performant DOM Rendering.
network
low complexity
ryansolid CWE-116
6.1
2024-10-30 CVE-2024-10006 Improper Encoding or Escaping of Output vulnerability in Hashicorp Consul
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that using Headers in L7 traffic intentions could bypass HTTP header based access rules.
network
low complexity
hashicorp CWE-116
5.8
2024-10-25 CVE-2024-47549 Improper Encoding or Escaping of Output vulnerability in multiple products
Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow contamination of unintended data to HTTP response headers. Accessing a crafted URL which points to an affected product may cause malicious script executed on the web browser.
network
low complexity
toshibatec sharp CWE-116
6.1
2024-10-05 CVE-2024-47845 Improper Encoding or Escaping of Output vulnerability in Wikimedia Wikimedia-Extensions-Css
Improper Encoding or Escaping of Output vulnerability in The Wikimedia Foundation Mediawiki - CSS Extension allows Code Injection.This issue affects Mediawiki - CSS Extension: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2.
network
low complexity
wikimedia CWE-116
8.2
2024-09-30 CVE-2024-47531 Improper Encoding or Escaping of Output vulnerability in Clinical-Genomics Scout
Scout is a web-based visualizer for VCF-files.
network
low complexity
clinical-genomics CWE-116
3.5