CWE-116

Total CVEs: 80
Critical: 25
High: 25
Avg CVSS: 7.5

Yearly Trend

2026: 12
2025: 32
2024: 14
2023: 9
2022: 7

Top Affected Vendors

1. Mozilla: 5
2. Apache: 5
3. Debian: 4
4. GitLab: 3
5. Hallowelt: 3
6. Git: 3
7. NetApp: 2
8. Fedora Project: 2
9. IBM: 2
10. Coollabs: 2

All CWE-116 CVEs (80)

CVE-2025-55729
10.0

CVE-2025-55729 is a critical remote code execution vulnerability in XWiki Remote Macros that allows attackers to execute arbitrary code by exploiting ...

Sep 9, 2025
CVE-2022-23603
9.9

CVE-2022-23603 is a code injection vulnerability in iTunesRPC-Remastered, a Discord rich presence application for iTunes and Apple Music. Attackers ca...

Feb 1, 2022
CVE-2025-46347
9.8

YesWiki versions before 4.5.4 contain a remote code execution vulnerability that allows attackers to write arbitrary PHP files to the server. When exp...

Apr 29, 2025
CVE-2025-31651
9.8

This vulnerability in Apache Tomcat allows attackers to bypass security constraints by crafting requests that evade specific rewrite rules. It affects...

Apr 28, 2025
CVE-2024-10441
9.8

This critical vulnerability allows remote attackers to execute arbitrary code on Synology BeeStation and DiskStation systems due to improper output en...

Mar 19, 2025
CVE-2024-55663
9.8

This CVE describes an SQL injection vulnerability in XWiki Platform's getdocument.vm template where unsanitized request parameters allow HQL injection...

Dec 12, 2024
CVE-2024-38474
9.8

A substitution encoding vulnerability in Apache HTTP Server's mod_rewrite module allows attackers to bypass security restrictions and execute scripts ...

Jul 1, 2024
CVE-2024-31866
9.8

This vulnerability in Apache Zeppelin allows attackers to execute arbitrary shell scripts or malicious code by manipulating configuration variables li...

Apr 9, 2024
CVE-2023-38316
9.8

CVE-2023-38316 is a command injection vulnerability in OpenNDS Captive Portal that allows attackers to execute arbitrary operating system commands via...

Nov 17, 2023
CVE-2023-48655
9.8

This vulnerability in MISP (Malware Information Sharing Platform) allows blind SQL injection through improperly filtered array input parameters. Attac...

Nov 17, 2023
CVE-2023-46300
9.8

CVE-2023-46300 is a critical remote code execution vulnerability in iTerm2's tmux integration feature. Attackers can exploit this by sending specially...

Oct 22, 2023
CVE-2023-24480
9.8

This vulnerability allows remote attackers to cause a denial-of-service (DoS) condition in affected Honeywell controllers by sending specially crafted...

Jul 13, 2023
CVE-2022-46387
9.8

This vulnerability in ConEmu and Cmder terminal emulators allows attackers to inject malicious commands by manipulating the terminal title with contro...

Mar 28, 2023
CVE-2022-36446
9.8

CVE-2022-36446 is a command injection vulnerability in Webmin's apt-lib.pl module that allows remote attackers to execute arbitrary commands on affect...

Jul 25, 2022
CVE-2022-29599
9.8

This vulnerability in Apache Maven's maven-shared-utils allows shell injection attacks when the Commandline class processes double-quoted strings with...

May 23, 2022
CVE-2022-26174
9.8

CVE-2022-26174 is a remote code execution vulnerability in Beekeeper Studio database management software. Attackers can execute arbitrary code by inje...

Mar 21, 2022
CVE-2022-25235
9.8

CVE-2022-25235 is a critical vulnerability in Expat (libexpat) XML parser where improper UTF-8 character validation allows attackers to bypass securit...

Feb 16, 2022
CVE-2021-41132
9.8

CVE-2021-41132 is a critical cross-site scripting (XSS) vulnerability in OMERO.web that allows attackers to inject malicious scripts into web pages. T...

Oct 14, 2021
CVE-2021-28940
9.8

CVE-2021-28940 is a command injection vulnerability in MagpieRSS 0.72 that allows remote attackers to execute arbitrary commands on affected systems. ...

Apr 2, 2021
CVE-2026-22792
9.6

This vulnerability allows attackers to inject malicious HTML that executes arbitrary JavaScript in the 5ire desktop AI assistant renderer context. Thi...

Jan 21, 2026
CVE-2021-33672
9.6

CVE-2021-33672 is a critical cross-site scripting (XSS) vulnerability in SAP Contact Center's Communication Desktop component that allows remote code ...

Sep 14, 2021
CVE-2025-59936
9.4

CVE-2025-59936 is a cache poisoning vulnerability in get-jwks library that allows attackers to bypass JWT issuer validation. By manipulating cached JW...

Sep 27, 2025
CVE-2024-1874
9.4

This vulnerability allows remote command execution on Windows systems running vulnerable PHP versions. When using proc_open() with array syntax, insuf...

Apr 29, 2024
CVE-2026-27812
9.1

CVE-2026-27812 is a password reset poisoning vulnerability in Sub2API versions before 0.1.85 that allows attackers to manipulate password reset links ...

Feb 26, 2026
CVE-2025-40547
9.1

A logic error vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary code. This affects Serv-U deployments where an attacker ga...

Nov 18, 2025
CVE-2024-52005
8.8

This vulnerability in Git allows malicious remote repositories to inject ANSI escape sequences into error messages displayed during clone/fetch/push o...

Jan 15, 2025
CVE-2023-29541
8.8

This vulnerability allows attackers to execute arbitrary commands on Linux systems by tricking users into downloading malicious .desktop files through...

Jun 2, 2023
CVE-2023-35941
8.6

This CVE allows a malicious client to create OAuth2 credentials with permanent validity in Envoy proxy's OAuth2 filter under specific scenarios. It af...

Jul 25, 2023
CVE-2025-55903
8.3

An HTML injection vulnerability in Perfex CRM v3.3.1 allows attackers to inject arbitrary HTML into the 'Bill To' address field in the estimate module....

Oct 10, 2025
CVE-2024-47845
8.2

This vulnerability allows attackers to inject malicious code through improper output encoding in MediaWiki's CSS Extension. It affects MediaWiki insta...

Oct 5, 2024
CVE-2026-25940
8.1

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled properties in the ...

Feb 19, 2026
CVE-2026-24737
8.1

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled input to specific ...

Feb 2, 2026
CVE-2025-11713
8.1

This vulnerability in Firefox and Thunderbird's 'Copy as cURL' feature allows insufficient escaping on Windows systems, potentially tricking users int...

Oct 14, 2025
CVE-2024-38473
8.1

This vulnerability in Apache HTTP Server's mod_proxy module allows attackers to send specially crafted requests with incorrect URL encoding to backend...

Jul 1, 2024
CVE-2024-4177
8.1

A host whitelist parser vulnerability in the GravityZone Update Server proxy service allows attackers to perform server-side request forgery (SSRF). T...

Jun 6, 2024
CVE-2025-59158
8.0

This stored XSS vulnerability in Coolify allows authenticated low-privilege users to inject malicious JavaScript into project names. When administrato...

Jan 5, 2026
CVE-2021-39170
8.0

CVE-2021-39170 is a stored cross-site scripting (XSS) vulnerability in Pimcore that allows authenticated users to inject malicious scripts into asset ...

Sep 1, 2021
CVE-2024-38177
7.8

This vulnerability allows attackers to spoof Windows App Installer packages, potentially tricking users into installing malicious applications. It aff...

Aug 13, 2024
CVE-2022-48339
7.8

CVE-2022-48339 is a command injection vulnerability in GNU Emacs' htmlfontify.el module. It allows attackers to execute arbitrary code by crafting mal...

Feb 20, 2023
CVE-2022-22992
7.8

This CVE describes a command injection vulnerability in Western Digital My Cloud devices that allows remote attackers to execute arbitrary system comm...

Jan 28, 2022
CVE-2025-8405
7.7

This vulnerability in GitLab allows authenticated users to inject malicious HTML into vulnerability code flow displays, enabling them to perform unaut...

Dec 11, 2025
CVE-2024-52006
7.5

This vulnerability allows attackers to inject malicious commands into Git credential helpers by exploiting how some ecosystems interpret carriage retu...

Jan 14, 2025
CVE-2024-46547
7.5

This vulnerability allows unauthorized users to access sensitive information through the PHP Info Page in Wampserver due to improper access control. A...

Dec 9, 2024
CVE-2024-34510
7.5

Gradio versions before 4.20 on Windows systems may leak credentials stored in environment variables or configuration files. This affects any Windows u...

May 5, 2024
CVE-2022-30781
7.5

CVE-2022-30781 is a remote code execution vulnerability in Gitea where improper escaping of git fetch remote parameters allows attackers to execute ar...

May 16, 2022
CVE-2021-41191
7.5

CVE-2021-41191 is an authentication bypass vulnerability in Roblox-Purchasing-Hub that allows unauthorized access to product files without requiring a...

Oct 27, 2021
CVE-2020-4850
7.5

IBM Spectrum Scale Transparent Cloud Tiering versions 1.1.1.0 through 1.1.8.4 contain leftover configuration files that could expose sensitive informa...

May 20, 2021
CVE-2025-68460
7.2

Roundcube Webmail contains an information disclosure vulnerability in its HTML style sanitizer that could allow attackers to extract sensitive data fr...

Dec 18, 2025
CVE-2023-3668
7.2

CVE-2023-3668 is an improper output encoding vulnerability in the Froxlor server management panel that allows cross-site scripting (XSS) attacks. Atta...

Jul 14, 2023
CVE-2025-24338
7.1

This vulnerability allows authenticated low-privileged attackers to execute arbitrary client-side code in other users' browsers via crafted HTTP reque...

Apr 30, 2025

About CWE-116

Our database tracks 80 CVEs classified as CWE-116, with 25 rated critical and 25 rated high severity. The average CVSS score for CWE-116 vulnerabilities is 7.5.

External reference: CWE-116 on MITRE CWE
