Lucene search
K

251 matches found

Nuclei
Nuclei
added 7 hours ago11 views

Zimbra Collaboration Suite < 8.8.15 - Improper Encoding

An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 update 1, as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing...

6.1CVSS6.8AI score0.3106EPSS
Exploits2References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/24 6:29 p.m.3 views

Security Bulletin: Vulnerabilities found in Watson Data Intelligence

Summary Multiple Vulnerabilities were addressed in Watson Data Intelligence version 5.3.1-patch3. Vulnerability Details CVEID:CVE-2025-14917 DESCRIPTION: IBM WebSphere Application Server - Liberty 17.0.0.3 through 26.0.0.3 IBM WebSphere Application Server Liberty could provide weaker than expecte...

9.8CVSS6.6AI score0.0504EPSS
Exploits3Affected Software1
Snyk
Snyk
added 2026/06/12 9:0 p.m.9 views

Improper Encoding or Escaping of Output

Overview fabric is an Object model for HTML5 canvas, and SVG-to-canvas parser. Backed by jsdom and node-canvas. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the toSVG and getSvgStyles/getSvgSpanStyles paths in the gradient, object, and text SVG...

6.1CVSS5.5AI score0.00194EPSS
Exploits1References3
Hacker One
Hacker One
added 2026/06/10 4:40 a.m.12 views

Revive Adserver: Reflected XSS in stats‑video.php via improperly encoded URL parameters

A reflected XSS vulnerability was discovered in the stats‑video.php script due to improper encoding of user input in the URL parameters...

6.1CVSS5.8AI score0.00224EPSS
Exploits1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/09 12:0 a.m.7 views

Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability

Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system...

7.8CVSS6.2AI score0.25323EPSS
In wildExploits2
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.11 views

CVE-2026-2404

CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /jsecurity check request payload...

6.9CVSS5.5AI score0.00186EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/27 12:3 a.m.11 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output that allows bypassing of the contenttypedenylist in the denylistedcontenttype? function. An attacker can upload files with MIME types containing unescaped regex metacharacters, including the + in...

6.1CVSS5.7AI score0.00223EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/26 12:59 p.m.14 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00461EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 12:55 p.m.8 views

Apache Tomcat: Apache Tomcat: Information disclosure due to improper encoding in JsonAccessLogValve

A flaw was found in the JsonAccessLogValve component of Apache Tomcat. This improper encoding or escaping of output vulnerability could allow an attacker to inject specially crafted data into log files. This could lead to information disclosure or other unintended consequences when the logs are...

7.5CVSS7AI score0.00461EPSS
Exploits0References5
Snyk
Snyk
added 2026/05/21 9:27 p.m.9 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the htmltomarkdown, markdowntohtml, and inlinecss filters due to incorrect declaration of output safety. An attacker can inject unescaped HTML or script content by supplying specially crafted...

6.1CVSS5.8AI score0.0006EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/21 8:43 p.m.9 views

Cross-site Scripting (XSS)

Overview @umbraco-cms/backoffice is a This package contains the types for the Umbraco Backoffice. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the confirmation dialog element. An attacker can execute arbitrary scripts in the context of the affected application ...

4.8CVSS5.8AI score0.00136EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 3:21 p.m.8 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output due to improper escaping of single quotes in the SSH transport command construction process. An attacker can inject arbitrary shell tokens by including single quotes in the repository path,...

9.6CVSS6AI score0.00365EPSS
Exploits0References2
Atlassian
Atlassian
added 2026/05/15 7:49 a.m.23 views

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Jira Service Management Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in version 11.3.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N allows an unauthenticated attacker to...

7.5CVSS5.8AI score0.00461EPSS
Exploits0
Snyk
Snyk
added 2026/05/14 6:27 p.m.9 views

Improper Encoding or Escaping of Output

Overview launder is an A sanitize module for the people. Built for ApostropheCMS. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the linkHref field handling. An attacker can execute arbitrary JavaScript by supplying a javascript: URL in an image...

7.3CVSS6.1AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.9 views

Siemens Teamcenter 跨站脚本漏洞

Siemens Teamcenter is a software application for product lifecycle management developed by Siemens, a German company. Siemens Teamcenter has a cross-site scripting vulnerability, which arises from improperly encoding or filtering data provided by users, potentially allowing attackers to inject...

8.5CVSS7.1AI score0.00192EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/09 12:46 a.m.22 views

Improper Encoding or Escaping of Output

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output the styleObjectForEach and jsxAttr style serialization paths in the JSX runtime. An attacker can inject arbitrary CSS declarations by supplying...

5.3CVSS6.1AI score0.00197EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/07 9:18 p.m.14 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

4.8CVSS6AI score
Exploits0References3
Atlassian
Atlassian
added 2026/05/05 10:29 a.m.30 views

Improper Encoding org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center

This High severity Improper Encoding vulnerability known as CVE-2026-34483 was introduced in versions 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0. This Improper Encoding or Escaping of Output vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.00461EPSS
Exploits0
Redos
Redos
added 2026/05/05 12:0 a.m.9 views

ROS-20260505-73-0013

A vulnerability in the http.cookies library of the Python programming language interpreter CPython is related to improper encoding or escaping of output data. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality and integrity of protected information...

7.5CVSS7.3AI score0.00419EPSS
Exploits0
Snyk
Snyk
added 2026/05/04 6:26 p.m.9 views

Improper Encoding or Escaping of Output

Overview org.apache.polaris:polaris-core is an a catalog for data lakes. It provides new levels of choice, flexibility and control over data, with full enterprise security and Apache Iceberg interoperability across a multitude of engines and infrastructure Affected versions of this package are...

9.9CVSS5.8AI score0.00424EPSS
Exploits0References2
Rows per page
Query Builder