Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-21 | CVE-2022-26174 | Improper Encoding or Escaping of Output vulnerability in Beekeeperstudio Beekeeper-Studio: A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | 9.8 |
2022-03-15 | CVE-2021-45848 | Improper Encoding or Escaping of Output vulnerability in multiple products: Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | 7.5 |
2022-03-14 | CVE-2022-22734 | Improper Encoding or Escaping of Output vulnerability in Sedlex Simple Quotation 1.3.2: The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. | 6.1 |
2022-03-11 | CVE-2022-22151 | Improper Encoding or Escaping of Output vulnerability in Yokogawa products: CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.1 |
2022-02-26 | CVE-2020-27958 | Improper Encoding or Escaping of Output vulnerability in OSU Ohio Supercomputer Center Open Ondemand: The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | 4.3 |
2022-02-16 | CVE-2022-25235 | Improper Encoding or Escaping of Output vulnerability in multiple products: xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | 9.8 |
2022-02-14 | CVE-2021-43106 | Improper Encoding or Escaping of Output vulnerability in Compassplus products: A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25. The HTTP host header can be manipulated and cause the application to behave in unexpected ways. | 6.1 |
2022-02-09 | CVE-2022-23620 | Improper Encoding or Escaping of Output vulnerability in Xwiki: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 5.4 |
2022-02-09 | CVE-2022-24682 | Improper Encoding or Escaping of Output vulnerability in Zimbra Collaboration: An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. | 6.1 |
2022-02-01 | CVE-2022-0220 | Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa: The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. | 6.1 |