4 matches found
CVE-2025-12697 Improper Encoding or Escaping of Output in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions...
Improper Encoding or Escaping of Output
Overview: get-jwks is a fetch utility for JWKS keys. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the getPublicKey process. An attacker can bypass issuer validation and gain unauthorized access by poisoning the JWKS cache with a crafted public key an...
CVE-2024-31868
CVE-2024-31868 affects Apache Zeppelin: improper encoding/escaping in the helium module enables cross-site scripting by modifying helium.json. Impact described as user-facing XSS; affects 0.8.2–0.11.0, fixed in 0.11.1. Remediation: upgrade to Zeppelin 0.11.1 or later. Other sources (Red Hat, Vera...
CVE-2023-3668
Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21...