Skip to main content

CWE-86

Improper Neutralization of Invalid Characters in Identifiers in Web Pages

9 CVEs Avg CVSS 6.6 MITRE
2
CRITICAL
1
HIGH
6
MEDIUM
0
LOW
0
POC
0
KEV

Monthly

CVE-2026-28417 MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
4.4
EPSS
0.0%
CVE-2025-66606 CRITICAL Act Now

Yokogawa FAST/TOOLS has a third vulnerability involving improper encoding of output that could enable injection attacks against the SCADA web interface.

Information Disclosure Fast Tools
NVD
CVSS 3.1
9.6
EPSS
0.0%
CVE-2025-20168 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20167 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-20166 MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller Common Services Platform Collector
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-10941 MEDIUM This Month

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-21864 HIGH This Week

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2023-22840 MEDIUM This Month

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Onevpl Gpu Runtime Fedora
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2023-31126 Maven CRITICAL PATCH Act Now

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub
CVSS 3.1
9.6
EPSS
0.8%
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Arbitrary command execution in Vim's netrw plugin prior to version 9.2.0073 allows attackers to execute shell commands with user privileges by crafting malicious URLs (such as scp:// handlers) that users are tricked into opening. The vulnerability requires user interaction but poses a local privilege escalation risk in multi-user environments. A patch is available in Vim 9.2.0073 and later.

Command Injection Vim Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Yokogawa FAST/TOOLS has a third vulnerability involving improper encoding of output that could enable injection attacks against the SCADA web interface.

Information Disclosure Fast Tools
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Cisco XSS Crosswork Network Controller +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A malicious website could have included an iframe with an malformed URI resulting in a non-exploitable browser crash. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Mozilla Firefox
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper neutralization in some Intel(R) Arc(TM) & Iris(R) Xe Graphics software before version 31.0.101.5081 may allow an unauthenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper neutralization in software for the Intel(R) oneVPL GPU software before version 22.6.5 may allow an authenticated user to potentially enable denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Intel Onevpl Gpu Runtime +1
NVD
EPSS 1% CVSS 9.6
CRITICAL PATCH Act Now

`org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Xwiki
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy