Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-15 | CVE-2024-39736 | Improper Encoding or Escaping of Output vulnerability in IBM Datacap and Datacap Navigator IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-07-01 | CVE-2024-38474 | Improper Encoding or Escaping of Output vulnerability in multiple products Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified. | 9.8 |
| 2024-06-09 | CVE-2024-5585 | Improper Encoding or Escaping of Output vulnerability in multiple products In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, the fix for CVE-2024-1874 does not work if the command name includes trailing spaces. | 8.8 |
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2024-02-03 | CVE-2024-1064 | Improper Encoding or Escaping of Output vulnerability in Craftycontrol Crafty Controller A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 7.5 |
| 2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-01-29 | CVE-2024-0987 | Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4 A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. | 9.8 |
| 2024-01-24 | CVE-2024-22229 | Improper Encoding or Escaping of Output vulnerability in Dell products Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. | 4.3 |
| 2024-01-16 | CVE-2023-7234 | Improper Encoding or Escaping of Output vulnerability in Integrationobjects OPC UA Server Toolkit OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | 5.3 |
| 2024-01-16 | CVE-2023-6005 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |