CWE-116— Improper Encoding or Escaping of Output
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.— MITRE CWE catalog
452 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-116page 8 of 10
- CVE-2025-66548MEDIUMCVSS 5.5EG 3.32025-12-05
Nextcloud Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. Prior to 1.12.7, 1.14.4, and 1.15.1, file extension can be spoofed by using RTLO characters, tricki…
- CVE-2025-68460HIGHCVSS 7.2EG 7.22025-12-18
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
- CVE-2025-8276CRITICALCVSS 9.8EG 10.02025-09-16
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting'), Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulner…
- CVE-2025-8405HIGHCVSS 7.7EG 8.72025-12-11
GitLab has remediated a security issue in GitLab CE/EE affecting all versions from 17.1 before 18.4.6, 18.5 before 18.5.4, and 18.6 before 18.6.2 that could have allowed an authenticated user to perform unauthorized actions on behalf of ot…
- CVE-2025-9127MEDIUMCVSS 5.5EG 5.52025-12-04
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
- CVE-2026-0818MEDIUMCVSS 4.3EG 4.32026-01-28
When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in wh…
- CVE-2026-1011MEDIUMCVSS 6.1EG 6.12026-01-16
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores ar…
- CVE-2026-12044HIGHCVSS 8.8EG 8.82026-06-19
SQL injection in pgAdmin 4 across every dialog template that renders ``COMMENT ON ... IS '<description>'`` for a user-supplied description field. The Jinja templates for Domains (and their constraints), Foreign Tables, Languages, and Event…
- CVE-2026-12047MEDIUMCVSS 5.4EG 3.52026-06-19
HTML injection in pgAdmin 4's cloud deployment module. The verify_credentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception t…
- CVE-2026-12048MEDIUMCVSS 5.4EG 9.32026-06-19
Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server (ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXP…
- CVE-2026-20136MEDIUMCVSS 6.0EG 6.02026-04-15
A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on…
- CVE-2026-20245HIGHCVSS 7.8EG 9.0⚠ KEV2026-06-04
A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local…
- CVE-2026-22712MEDIUMCVSS 4.3EG 4.32026-01-09
Improper Encoding or Escaping of Output due to magic word replacement in ParserAfterTidy vulnerability in The Wikimedia Foundation Mediawiki - ApprovedRevs Extension allows Input Data Manipulation.This issue affects Mediawiki - ApprovedRe…
- CVE-2026-22792CRITICALCVSS 9.6EG 9.62026-01-21
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer cont…
- CVE-2026-23630MEDIUMCVSS 5.4EG 5.42026-01-21
Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting (XSS). The frontend can render attacker-controlled Mermaid di…
- CVE-2026-23880HIGHCVSS 7.3EG 7.32026-01-19
OnboardLite is a comprehensive membership lifecycle platform built for student organizations at the University of Central Florida. Versions of the software prior to commit 1d32081a66f21bcf41df1ecb672490b13f6e429f have a stored cross-site s…
- CVE-2026-2404MEDIUMCVSS 5.3EG 5.32026-04-14
CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload.
- CVE-2026-24127MEDIUMCVSS 5.4EG 5.42026-01-23
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value c…
- CVE-2026-24439MEDIUMCVSS 6.5EG 6.52026-01-26
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrect…
- CVE-2026-24737HIGHCVSS 8.1EG 8.12026-02-02
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass uns…
- CVE-2026-25230MEDIUMCVSS 4.6EG 4.62026-02-09
FileRise is a self-hosted web file manager / WebDAV server. Prior to 3.3.0, an HTML Injection vulnerability allows an authenticated user to modify the DOM and add e.g. form elements that call certain endpoints or link elements that redirec…
- CVE-2026-25543MEDIUMCVSS 6.1EG 6.12026-02-04
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The templat…
- CVE-2026-25755HIGHCVSS 8.8EG 8.82026-02-19
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the Ja…
- CVE-2026-25932HIGHCVSS 7.2EG 7.22026-04-06
GLPI is a Free Asset and IT Management Software package. From 0.60 to before 10.0.24, an authenticated technician user can store an XSS payload in a supplier fields. This vulnerability is fixed in 10.0.24.
- CVE-2026-25940HIGHCVSS 8.1EG 8.12026-02-19
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass uns…
- CVE-2026-26027HIGHCVSS 7.5EG 7.52026-04-06
GLPI is a free asset and IT management software package. From 11.0.0 to before 11.0.6, an unauthenticated user can store an XSS payload through the inventory endpoint. This vulnerability is fixed in 11.0.6.
- CVE-2026-26028MEDIUMCVSS 6.1EG 6.12026-05-20
CryptPad is an end-to-end encrypted collaborative office suite. In versions prior to 2026.2.0, the HTML sanitizer in Diffmarked.js can be bypassed due to incomplete attribute filtering on restricted tags. The sanitizer validates only the s…
- CVE-2026-27512MEDIUMCVSS 6.1EG 6.12026-02-23
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced conte…
- CVE-2026-28898MEDIUMCVSS 5.3EG 5.32026-06-12
swift-nio-http2's HTTP/2-to-HTTP/1.1 codec did not validate pseudo-header values for control characters before placing them into the translated HTTP/1.1 message. swift-nio-http2 1.44.1 adds validation of all pseudo-header values (:path, :a…
- CVE-2026-28907HIGHCVSS 8.1EG 8.12026-05-11
The issue was addressed with improved input validation. This issue is fixed in Safari 26.5, iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted we…
- CVE-2026-31898MEDIUMCVSS 6.5EG 6.52026-03-18
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pas…
- CVE-2026-33436LOWCVSS 3.1EG 3.12026-04-17
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML with…
- CVE-2026-33597LOWCVSS 3.7EG 3.72026-04-22
PRSD detection denial of service
- CVE-2026-33657MEDIUMCVSS 4.6EG 4.62026-04-13
EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrar…
- CVE-2026-33758MEDIUMCVSS 6.1EG 6.12026-03-27
OpenBao is an open source identity-based secrets management system. Prior to version 2.5.2, OpenBao installations that have an OIDC/JWT authentication method enabled and a role with `callback_mode=direct` configured are vulnerable to XSS v…
- CVE-2026-33941HIGHCVSS 8.2EG 8.22026-03-27
Handlebars provides the power necessary to let users build semantic templates. In versions 4.0.0 through 4.7.8, the Handlebars CLI precompiler (`bin/handlebars` / `lib/precompiler.js`) concatenates user-controlled strings — template file…
- CVE-2026-34246MEDIUMCVSS 4.8EG 4.82026-05-19
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability exists in the admin role management interface. In app/Http/Controllers/Admin/RoleController…
- CVE-2026-34479HIGHCVSS 7.5EG 7.52026-04-10
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters …
- CVE-2026-34480HIGHCVSS 7.5EG 7.52026-04-10
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#cha…
- CVE-2026-34481HIGHCVSS 7.5EG 7.52026-04-10
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, …
- CVE-2026-34483HIGHCVSS 7.5EG 7.52026-04-09
Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Us…
- CVE-2026-35208MEDIUMCVSS 5.4EG 5.42026-04-06
lichess.org is the forever free, adless and open source chess server. Any approved streamer can inject arbitrary HTML into /streamer and the homepage “Live streams” widget by placing markup in their Twitch/YouTube stream title. CSP is …
- CVE-2026-35534HIGHCVSS 7.6EG 7.62026-04-07
ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText() as an output sanitizer for HTML attribute context. The functi…
- CVE-2026-35569HIGHCVSS 8.7EG 8.72026-04-15
ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description), where user-controlled input is rendere…
- CVE-2026-35582HIGHCVSS 8.8EG 8.82026-04-18
Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /bin/sh -c shell command string without an…
- CVE-2026-3644HIGHCVSS 7.5EG 7.52026-03-16
The fix for CVE-2026-0672, which rejected control characters in http.cookies.Morsel, was incomplete. The Morsel.update(), |= operator, and unpickling paths were not patched, allowing control characters to bypass input validation. Additiona…
- CVE-2026-39826MEDIUMCVSS 6.1EG 6.12026-05-07
If a trusted template author were to write a <script> tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the <script> block.
- CVE-2026-40011LOWCVSS 3.7EG 3.72026-06-25
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected …
- CVE-2026-40021MEDIUMCVSS 5.3EG 5.32026-04-10
Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions before 3…
- CVE-2026-40023MEDIUMCVSS 5.3EG 5.32026-04-10
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets…
Map vulnerabilities like CWE-116 to your infrastructure
EchelonGraph correlates every CVE — across CWE-116 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →