CVE-2025-11251

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...

CVE-2026-21654

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...

CVE-2026-28136

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...

EUVD-2026-8649

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...

CVE-2026-27847

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...

CVE-2026-22568

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

Improper Neutralization of Special Elements Used in a Template Engine

Overview datapizza-ai-core is a Core components for the datapizza-ai framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function that utilises Jinja2 Template. An attacker can execute...

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

CVE-2026-26093

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-26093 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-2333

The CVE is for Owl opds 2.2.0.4, where the vulnerability arises from Improper Neutralization of Special Elements used in a Command (Command Injection). The affected component is Owl opds 2.2.0.4, and the issue is exploitable via a crafted network request. Metrics indicate a CRITICAL base score of...

CVE-2025-69306

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through = 1.4...

CVE-2025-69307 WordPress Medinik Core plugin <= 1.3.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

CVE-2025-10970

CVE-2025-10970 applies to Kolay Software Inc. Talentics (through version 20022026). The issue is an SQL Injection in Talentics caused by improper neutralization of special elements in SQL commands, enabling Blind SQL Injection. Several sources (NVD/Red Hat/CVE listing) confirm the vulnerability d...

Owl Cyber Defense OPDS 命令注入漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a command injection vulnerability, which stems from improper neutralization of special elements. This vulnerability may allow command injection attac...

PT-2026-21261

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

PT-2026-21009

Name of the Vulnerable Software and Affected Versions Talentics versions through 20022026 Description A flaw exists in Talentics that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. The vendor was contacted regarding this issue but did not...

Improper Neutralization of Equivalent Special Elements

Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in the htmlEscaped function. An attacker can inject malicious HTML or JavaScript...