CWE-116 (Improper Encoding or Escaping of Output) — Vulnerability Class 127

127 vulnerabilities classified as CWE-116 (Improper Encoding or Escaping of Output). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12734 | Improper Encoding or Escaping of Output in GitLab — GitLab | 3.5 | Low | 2025-12-11 |
| CVE-2025-8405 | Improper Encoding or Escaping of Output in GitLab — GitLab | 7.7 | High | 2025-12-11 |
| CVE-2025-42896 | Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence Platform — SAP BusinessObjects Business Intelligence Platform | 5.4 | Medium | 2025-12-09 |
| CVE-2025-66548 | Nextcloud Deck app allows to spoof file extensions by using RTLO characters — security-advisories | 3.3 | Low | 2025-12-05 |
| CVE-2025-9127 | PX Enterprise Improper Sanitization Vulnerability — PX Enterprise | 6.5 (AI) | Medium (AI) | 2025-12-04 |
| CVE-2025-40547 | SolarWinds Serv-U Logic Abuse - Remote Code Execution Vulnerability — Serv-U | 9.1 | Critical | 2025-11-18 |
| CVE-2025-11085 | FactoryTalk® DataMosaix™ Private Cloud – Persistent XSS — FactoryTalk® DataMosaix™ Private Cloud | 6.1 | - | 2025-11-11 |
| CVE-2025-46583 | DOS Vulnerability in ZTE MC889A Pro product — MC889A Pro | 5.3 | Medium | 2025-10-27 |
| CVE-2025-61912 | python-ldap Vulnerable to Improper Encoding or Escaping of Output and Improper Null Termination — python-ldap | 7.5 (AI) | High (AI) | 2025-10-10 |
| CVE-2025-0607 | HTML Injection in Logo Software's Logo Cloud — Logo Cloud | 4.3 | Medium | 2025-10-06 |
| CVE-2025-59936 | get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass — get-jwks | 5.9 | - | 2025-09-27 |
| CVE-2025-57880 | Potential XSS in Extension:BlueSpiceWhoIsOnline — BlueSpice | 6.1 | - | 2025-09-19 |
| CVE-2025-48007 | Potential XSS in Extension:BlueSpiceAvatars — BlueSpice | 6.1 | - | 2025-09-19 |
| CVE-2025-46703 | Potential XSS in Extension:AtMentions — BlueSpice | 6.1 | - | 2025-09-19 |
| CVE-2025-55730 | XWiki Remote Macros vulnerable to remote code execution using the confluence paste code macro — xwiki-pro-macros | 10.0 | Critical | 2025-09-09 |
| CVE-2025-55729 | XWiki Remote Macros vulnerable to remote code execution using the ConfluenceLayoutSection macro — xwiki-pro-macros | 10.0 | Critical | 2025-09-09 |
| CVE-2024-58266 | shlex crate security vulnerability — shlex | 3.2 | Low | 2025-07-27 |
| CVE-2025-48062 | Discourse vulnerable to HTML injection when inviting to topic via email — discourse | 7.1 | High | 2025-06-09 |
| CVE-2025-25029 | IBM Security Guardium information disclosure — Security Guardium | 4.9 | Medium | 2025-05-28 |
| CVE-2021-25262 | Yandex Browser for Android prior to version 21.3.0 allows remote attackers to perform IDN homograph attack. — Browser | 4.3 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2021-25254 | Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar. — Browser Lite | 5.3 (AI) | Medium (AI) | 2025-05-21 |
| CVE-2025-1308 | PX Backup Improper Sanitization Vulnerability — PX Backup | 6.5 (AI) | Medium (AI) | 2025-05-19 |
| CVE-2025-47280 | Umbraco.Forms has HTML injection vulnerability in 'Send email' workflow — Umbraco.Forms.Issues | 4.7 (AI) | Medium (AI) | 2025-05-13 |
| CVE-2025-32974 | org.xwiki.platform:xwiki-platform-security-requiredrights-default required rights analysis doesn't consider TextAreas with default content type — xwiki-platform | 9.1 | Critical | 2025-04-30 |
| CVE-2025-24338 | Bosch Rexroth ctrlX OS security vulnerability — ctrlX OS - Solutions | 7.1 | High | 2025-04-30 |
| CVE-2025-46347 | YesWiki Remote Code Execution via Arbitrary PHP File Write and Execution — yeswiki | 8.8 (AI) | High (AI) | 2025-04-29 |
| CVE-2025-31651 | Apache Tomcat: Bypass of rules in Rewrite Valve — Apache Tomcat | 9.1 (AI) | Critical (AI) | 2025-04-28 |
| CVE-2025-23377 | Dell PowerProtect Data Manager Reporting security vulnerability — PowerProtect Data Manager | 4.2 | Medium | 2025-04-28 |
| CVE-2025-32078 | XSSes and potential RCE in Special:VersionCompare — Mediawiki - Version Compare Extension | 6.1 (AI) | Medium (AI) | 2025-04-11 |
| CVE-2025-32072 | HTML injection in feed output from i18n message — Mediawiki Core - Feed Utils | 6.5 (AI) | Medium (AI) | 2025-04-11 |

Vulnerabilities classified as CWE-116 (Improper Encoding or Escaping of Output) represent 127 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.