2399 matches found
PT-2026-31126
🚨CVE CVE-2026-39487 Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in ameliabooking Amelia ameliabooking allows Blind SQL https://t.co/fl64XWhsLE… https://t.co/SLjDDfvUPc ----- Traducción: CVE-202… https://t.co/utmtNgl3sv...
CVE-2025-24817 An OS Command Injection vulnerability in Nokia MantaRay NM
Nokia MantaRay NM is vulnerable to an OS command injection vulnerability due to improper neutralization of special elements used in an OS command in Symptom Collector application...
CVE-2025-24817
Nokia MantaRay NM (Symptom Collector) is reported to be vulnerable to an OS command injection caused by improper neutralization of special elements in an OS command. CVSS v3.1 base score 8.0 (HIGH) with adjacent attack vector, low attack complexity, and low privileges required, no user interactio...
EUVD-2026-18851
Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview org.webjars.npm:electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...
EUVD-2026-18174
An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getinfo endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
CVE-2026-33616
An unauthenticated remote attacker can exploit an unauthenticated blind SQL Injection vulnerability in the mb24api endpoint due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...
Improper Neutralization
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization via the approval prompt process. An attacker can inject malicious ANSI escape sequences into terminal output by supplying crafted tool metadata, potentially spoofi...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the processing of deprecated workflow commands in untrusted input. An attacker can inject arbitrary environment variables or modify the...
PT-2026-28691
Name of the Vulnerable Software and Affected Versions letta-ai letta version 0.16.4 Description A flaw exists in the resolve type function within the letta/functions/ast parsers.py file. This issue involves improper neutralization of directives in dynamically evaluated code, potentially allowing...
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
CVE-2025-70024
An issue pertaining to CWE-89: Improper Neutralization of Special Elements used in an SQL Command was discovered in benkeen generatedata 4.0.14...
CVE-2026-32358
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdevelop Booking Calendar booking allows Blind SQL Injection.This issue affects Booking Calendar: from n/a through = 10.14.15...
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
CVE-2025-14684
CVE-2025-14684 affects IBM Maximo Application Suite - Monitor Component. Root cause: improper neutralization of special elements when written to log files, enabling log forgery. Affected versions: Monitor Component 8.10, 8.11, 9.0, 9.1. Remediation/fixes: update to Monitor Component versions 8.10...
CVE-2025-14684
IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files...
EUVD-2026-15489
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pebas Lisfinity Core lisfinity-core allows SQL Injection.This issue affects Lisfinity Core: from n/a through = 1.5.0...
PT-2026-28030
Name of the Vulnerable Software and Affected Versions Miraculous Core Plugin versions prior to 2.1.2 Description The Miraculous Core Plugin contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This allows for potential...
PT-2026-27925
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection.This issue affects Lumise Product Designer: from n/a through 2.0.9...
PT-2026-28013
Name of the Vulnerable Software and Affected Versions QuantumCloud ChatBot versions through 7.7.9 Description A flaw exists in QuantumCloud ChatBot that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially allow an...