Vulnerabilities > Improper Encoding or Escaping of Output
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2024-0690 | Improper Encoding or Escaping of Output vulnerability in multiple products An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. | 5.5 |
| 2024-02-03 | CVE-2024-1064 | Improper Encoding or Escaping of Output vulnerability in Craftycontrol Crafty Controller A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | 7.5 |
| 2024-02-02 | CVE-2023-47143 | Improper Encoding or Escaping of Output vulnerability in IBM Tivoli Application Dependency Discovery Manager IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 9.8 |
| 2024-01-29 | CVE-2024-0987 | Improper Encoding or Escaping of Output vulnerability in Kuerp Project Kuerp 1.0.4 A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. | 9.8 |
| 2024-01-24 | CVE-2024-22229 | Improper Encoding or Escaping of Output vulnerability in Dell products Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. | 4.3 |
| 2024-01-16 | CVE-2023-7234 | Improper Encoding or Escaping of Output vulnerability in Integrationobjects OPC UA Server Toolkit OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | 5.3 |
| 2024-01-16 | CVE-2023-6005 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 |
| 2024-01-16 | CVE-2024-0233 | Improper Encoding or Escaping of Output vulnerability in Myeventon Eventon The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-12-15 | CVE-2023-42183 | Improper Encoding or Escaping of Output vulnerability in Lockss Classic Lockss Daemon 1.75.9/1.76.5 lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick. | 5.3 |
| 2023-11-24 | CVE-2023-26279 | Improper Encoding or Escaping of Output vulnerability in IBM Qradar Wincollect 10.0/10.0.1/10.1.6 IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. | 7.8 |