CWE-116 · Improper Encoding or Escaping of Output
460 CVEs classified under CWE-116 (Improper Encoding or Escaping of Output).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-55730 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2025-55729 | Critical | 10.0 | 2025-09-09 | XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to version 1.26.5… |
| CVE-2023-47143 | Critical | 10.0 | 2024-02-02 | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.10 is vulnerable to HTTP header injection, caused by improper validation of input by… |
| CVE-2026-42810 | Critical | 9.9 | 2026-05-04 | Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those… |
| CVE-2025-49013 | Critical | 9.9 | 2025-06-09 | WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue a… |
| CVE-2023-26472 | Critical | 9.9 | 2023-03-02 | XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by cre… |
| CVE-2022-41934 | Critical | 9.9 | 2022-11-23 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible docum… |
| CVE-2022-36100 | Critical | 9.9 | 2022-09-08 | XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform… |
| CVE-2022-36099 | Critical | 9.9 | 2022-09-08 | XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior… |
| CVE-2022-23603 | Critical | 9.9 | 2022-02-01 | iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitiz… |
| CVE-2026-54133 | Critical | 9.8 | 2026-06-12 | jmespath.php allows users to use JMESPath, software for declaratively specifying how to extract elements from a JSON document, in PHP applications with PHP dat… |
| CVE-2025-56266 | Critical | 9.8 | 2025-09-08 | A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL. |
| CVE-2025-46347 | Critical | 9.8 | 2025-04-29 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, YesWiki is vulnerable to remote code execution. An arbitrary file write can be used to write a fi… |
| CVE-2025-31651 | Critical | 9.8 | 2025-04-28 | Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was poss… |
| CVE-2024-10441 | Critical | 9.8 | 2025-03-19 | Improper encoding or escaping of output vulnerability in the system plugin daemon in Synology BeeStation OS (BSM) before 1.1-65374 and Synology DiskStation Man… |
| CVE-2024-55663 | Critical | 9.8 | 2024-12-12 | XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering o… |
| CVE-2024-38474 | Critical | 9.8 | 2024-07-01 | Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configur… |
| CVE-2024-31866 | Critical | 9.8 | 2024-04-09 | Improper Encoding or Escaping of Output vulnerability in Apache Zeppelin. The attackers can execute shell scripts or malicious code by overriding configuratio… |
| CVE-2023-38316 | Critical | 9.8 | 2023-11-17 | An issue was discovered in OpenNDS Captive Portal before version 10.1.2. When the custom unescape callback is enabled, attackers can execute arbitrary OS comma… |
| CVE-2023-48655 | Critical | 9.8 | 2023-11-17 | An issue was discovered in MISP before 2.4.176. app/Controller/Component/IndexFilterComponent.php does not properly filter out query parameters. |