CWE-86: CWE-86

Total CVEs

Critical

High

7.3

Avg CVSS

Yearly Trend

2026

2025

2024

2023

Top Affected Vendors

1 Cisco 2

2 Mozilla 1

3 Xwiki 1

4 Yokogawa 1

All CWE-86 CVEs (6)

CVE-2025-66606

9.6

A URL encoding vulnerability in Yokogawa's FAST/TOOLS industrial control system allows attackers to manipulate web pages or execute malicious scripts....

Feb 9, 2026

CVE-2023-31126

9.0

This vulnerability in XWiki's XML library allows attackers to inject arbitrary HTML code through invalid data attributes, leading to cross-site script...

May 9, 2023

CVE-2024-21864

7.8

This vulnerability in Intel Arc and Iris Xe Graphics software allows an unauthenticated attacker on the same network to potentially escalate privilege...

May 16, 2024

CVE-2024-10941

6.5

This vulnerability allows malicious websites to crash Firefox browsers by including iframes with malformed URIs. It affects Firefox versions before 12...

Nov 6, 2024

CVE-2025-20168

5.4

An authenticated cross-site scripting (XSS) vulnerability in Cisco CSPC's web management interface allows attackers with low-privileged accounts to in...

Jan 8, 2025

CVE-2025-20166

5.4

This cross-site scripting (XSS) vulnerability in Cisco CSPC's web management interface allows authenticated attackers to inject malicious scripts. Att...

Jan 8, 2025

About CWE-86 (CWE-86)

Our database tracks 6 CVEs classified as CWE-86, with 2 rated critical and 1 rated high severity. The average CVSS score for CWE-86 vulnerabilities is 7.3.

External reference: View CWE-86 on MITRE CWE →

Monitor CWE-86 Vulnerabilities

Get alerted when new CWE-86 CVEs affect your infrastructure.

Start Monitoring Free