CVE-2020-13654
7.5HIGH
XWiki Platform before 12.8 mishandles escaping in the property displayer.
XWiki Platform before 12.8 mishandles escaping in the property displayer.
12/31/2020CWE-116, CWE-116
Тип уязвимости
CWE-116
Все уязвимости CVE, классифицированные под этим типом уязвимости.
Посмотреть на MITRE CWEВсего CVE
15
Критические
4
В KEV
0
С эксплойтами
0
CVE-2023-3552
5.4MEDIUM
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.
7/8/2023CWE-116, CWE-116
CVE-2023-31669
5.5MEDIUM
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
WebAssembly wat2wasm v1.0.32 allows attackers to cause a libc++abi.dylib crash by putting '@' before a quote (").
5/23/2023CWE-116, CWE-116
CVE-2023-37875
3.0LOW
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.
Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.
9/12/2023CWE-116, CWE-79 +1
CVE-2023-26279
3.3LOW
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a local user to perform unauthorized actions due to improper encoding. IBM X-Force ID: 248160.
11/24/2023CWE-116, CWE-116
CVE-2022-29599
9.8CRITICAL
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.
5/23/2022CWE-116, CWE-116
CVE-2023-42183
5.3MEDIUM
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.
lockss-daemon (aka Classic LOCKSS Daemon) before 1.77.3 performs post-Unicode normalization, which may allow bypass of intended access restrictions, such as when U+1FEF is converted to a backtick.
12/15/2023CWE-116, CWE-116
CVE-2022-40870
8.1HIGH
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload inje
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload inje...
11/23/2022CWE-116, CWE-116
CVE-2021-42010
9.8CRITICAL
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
Heron versions <= 0.20.4-incubating allows CRLF log injection because of the lack of escaping in the log statements. Please update to version 0.20.5-incubating which addresses this issue.
10/24/2022CWE-116, CWE-116
CVE-2024-38177
7.8HIGH
Windows App Installer Spoofing Vulnerability
Windows App Installer Spoofing Vulnerability
8/13/2024CWE-116
CVE-2018-8920
7.2HIGH
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impa
Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impa...
12/24/2018CWE-116, CWE-116
CVE-2022-42948
9.8CRITICAL
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
Cobalt Strike 4.7.1 fails to properly escape HTML tags when they are displayed on Swing components. By injecting crafted HTML code, it is possible to remotely execute code in the Cobalt Strike UI.
3/24/2023CWE-116, CWE-116
CVE-2022-41322
7.8HIGH
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, the
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, the...
9/23/2022CWE-116, CWE-116
CVE-2022-23603
9.9CRITICAL
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users
iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users ...
2/1/2022CWE-116, CWE-116
CVE-2024-34510
7.5HIGH
Gradio before 4.20 allows credential leakage on Windows.
Gradio before 4.20 allows credential leakage on Windows.
5/5/2024CWE-116