Vulnerabilities > Improper Encoding or Escaping of Output
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-16 | CVE-2022-30781 | Improper Encoding or Escaping of Output vulnerability in Gitea. Gitea before 1.16.7 does not escape git fetch remote. | 7.5 |
2022-05-06 | CVE-2021-39027 | Improper Encoding or Escaping of Output vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0. IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. | 5.0 |
2022-05-03 | CVE-2021-29854 | Improper Encoding or Escaping of Output vulnerability in IBM Maximo Application Suite and Maximo Asset Management. IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. | 4.3 |
2022-04-07 | CVE-2022-0935 | Improper Encoding or Escaping of Output vulnerability in Livehelperchat Live Helper Chat. Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97. | 6.8 |
2022-04-01 | CVE-2022-0741 | Improper Encoding or Escaping of Output vulnerability in Gitlab. Improper input validation in all versions of GitLab CE/EE using sendmail to send emails allowed an attacker to steal environment variables via specially crafted email addresses. | 7.5 |
2022-03-28 | CVE-2022-0450 | Improper Encoding or Escaping of Output vulnerability in Freshlightlab Menu Image, Icons Made Easy. The Menu Image, Icons made easy WordPress plugin before 3.0.6 does not have authorisation and CSRF checks when saving menu settings, and does not validate, sanitise and escape them. | 5.4 |
2022-03-21 | CVE-2022-26174 | Improper Encoding or Escaping of Output vulnerability in Beekeeperstudio Beekeeper-Studio. A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. | 9.8 |
2022-03-15 | CVE-2021-45848 | Improper Encoding or Escaping of Output vulnerability in multiple products. Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | 7.5 |
2022-03-14 | CVE-2022-22734 | Improper Encoding or Escaping of Output vulnerability in Sedlex Simple Quotation 1.3.2. The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. | 6.1 |
2022-03-11 | CVE-2022-22151 | Improper Encoding or Escaping of Output vulnerability in Yokogawa products. CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 4.9 |