Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-23 | CVE-2022-41322 | Improper Encoding or Escaping of Output vulnerability in multiple products. In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. | 7.8 |
2022-09-20 | CVE-2022-39956 | Improper Encoding or Escaping of Output vulnerability in multiple products. The OWASP ModSecurity Core Rule Set (CRS) is affected by a partial rule set bypass for HTTP multipart requests by submitting a payload that uses a character encoding scheme via the Content-Type or the deprecated Content-Transfer-Encoding multipart MIME header fields that will not be decoded and inspected by the web application firewall engine and the rule set. | 9.8 |
2022-09-20 | CVE-2022-39957 | Improper Encoding or Escaping of Output vulnerability in multiple products. The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass. | 7.5 |
2022-09-20 | CVE-2022-39958 | Improper Encoding or Escaping of Output vulnerability in multiple products. The OWASP ModSecurity Core Rule Set (CRS) is affected by a response body bypass to sequentially exfiltrate small and undetectable sections of data by repeatedly submitting an HTTP Range header field with a small byte range. | 7.5 |
2022-09-08 | CVE-2022-36099 | Improper Encoding or Escaping of Output vulnerability in Xwiki. XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. | 8.8 |
2022-09-08 | CVE-2022-36100 | Improper Encoding or Escaping of Output vulnerability in Xwiki. XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. | 8.8 |
2022-08-24 | CVE-2021-4041 | Improper Encoding or Escaping of Output vulnerability in Redhat Ansible Runner. A flaw was found in ansible-runner. | 7.8 |
2022-08-18 | CVE-2020-36599 | Improper Encoding or Escaping of Output vulnerability in Omniauth. lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | 9.8 |
2022-08-18 | CVE-2022-35153 | Improper Encoding or Escaping of Output vulnerability in Fusionpbx 5.0.1. FusionPBX 5.0.1 was discovered to contain a command injection vulnerability via /fax/fax_send.php. | 9.8 |
2022-08-12 | CVE-2022-2619 | Improper Encoding or Escaping of Output vulnerability in multiple products. Insufficient validation of untrusted input in Settings in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted HTML page. | 4.3 |