PT-2026-28013

Name of the Vulnerable Software and Affected Versions QuantumCloud ChatBot versions through 7.7.9 Description A flaw exists in QuantumCloud ChatBot that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially allow an...

PT-2026-28131

Name of the Vulnerable Software and Affected Versions IBM Maximo Application Suite - Monitor Component versions 9.1, 9.0, 8.11, and 8.10 Description The software allows an unauthorized user to inject data into log messages because of insufficient sanitization of special characters when writing to...

PT-2026-28048

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in JoomSky JS Help Desk js-support-ticket allows Blind SQL Injection.This issue affects JS Help Desk: from n/a through = 3.0.3...

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details CVEID:CVE-2025-12383 DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview vanna is a Generate SQL queries from natural language Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the exec function in the /src/vanna/legacy file. An attacker can execute arbitrar...

CVE-2025-62845

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

EUVD-2026-13206

Improper neutralization of special elements used in an os command 'os command injection' in Microsoft Bing Images allows an unauthorized attacker to execute code over a network...

CVE-2026-32191

Improper neutralization of special elements used in an os command 'os command injection' in Microsoft Bing Images allows an unauthorized attacker to execute code over a network...

CVE-2026-26136

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to disclose information over a network...

EUVD-2026-13057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Cozmoslabs Profile Builder Pro allows Blind SQL Injection.This issue affects Profile Builder Pro: from n/a through 3.13.9...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.springframework:spring-webmvc is a package that provides Model-View-Controller MVC architecture and ready components that can be used to develop flexible and loosely coupled web applications. Affected versions of this package are vulnerable to Improper Neutralization of Special...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection'. The vulnerability exists in the handling of Server-Sent Events SSE when streaming plain text data. An attacker can inject crafted data int...

Fortinet FortiWeb OS Command Injection Vulnerability (CNVD-2026-14602)

Fortinet FortiWeb is a Web application layer firewall from the U.S. company Fita Fortinet, which can block threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks to ensure the security of Web applications and protect sensitive database content. A...

Dell ThinOS 10 命令注入漏洞

Dell ThinOS 10 is an operating system from the American company Dell Dell. A command injection vulnerability exists in versions prior to Dell ThinOS 10 260210.0573. The vulnerability stems from improper neutralization of special elements in commands and can be exploited by an attacker to achieve...

Exploit for Improper Neutralization of Special Elements Used in a Template Engine in Amidaware Tactical_Rmm

C...

EUVD-2026-11709

HMS Networks Ewon Flexy with firmware before 15.0s4, Cosy+ with firmware 22.xx before 22.1s6, and Cosy+ with firmware 23.xx before 23.0s3 have improper neutralization of special elements used in an OS command allowing remote code execution by attackers with low privilege access on the gateway,...

CVE-2026-32418

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

CVE-2026-32418 WordPress Meow Gallery plugin <= 5.4.4 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection.This issue affects Meow Gallery: from n/a through = 5.4.4...

PT-2026-25213

🟠 CVE-2026-32366 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in robfelty Collapsing Categories collapsing-categories allows Blind SQL Injection.This issu... https://t.co/GrCcl9W1Op https://t.co/eW46FBLIh3...

PT-2026-25172

🟠 CVE-2026-31917 - High Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in weDevs WP ERP erp allows SQL Injection.This issue affects WP ERP: from n/a through = ... https://t.co/rmxKLdVO6O https://t.co/0W8qwfmY6K...