2400 matches found

Cvelist
added 2026/01/23 9:53 a.m., 28 views

CVE-2025-46699

Dell Data Protection Advisor, versions prior to 19.12, contains an Improper Neutralization of Special Elements Used in a Template Engine vulnerability in the Server. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

CVSS 4.3, EPSS 0.00293
Exploits: 0, References: 1

CNNVD
added 2026/01/23 12:0 a.m., 6 views

WordPress plugin UX Flat security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

CVSS 6.5, AI score 5.7, EPSS 0.00198
Exploits: 0, References: 1

Positive Technologies
added 2026/01/23 12:0 a.m., 4 views

PT-2026-4406

Name of the Vulnerable Software and Affected Versions: Israpil Textmetrics webtexttool versions through 3.6.3. Description: A flaw exists in Israpil Textmetrics webtexttool that allows for code injection due to improper neutralization of script-related HTML tags on a web page. This is a Basic...

AI score 5.4, EPSS 0.00211
Exploits: 0, References: 3

CNNVD
added 2026/01/23 12:0 a.m., 4 views

WordPress plugin Nelio Content has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

CVSS 8.5, AI score 5.9, EPSS 0.00327
Exploits: 0, References: 1

CNNVD
added 2026/01/23 12:0 a.m., 5 views

WordPress plugin Textmetrics has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.9, EPSS 0.00211
Exploits: 0, References: 1

NVD
added 2026/01/22 5:15 p.m., 3 views

CVE-2025-47600

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in xtemos WoodMart woodmart allows Code Injection. This issue affects WoodMart: from n/a through = 8.3.7...

CVSS 5.3, EPSS 0.00336
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/22 4:52 p.m., 1 views

CVE-2025-68881

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saad Iqbal AppExperts appexperts allows SQL Injection. This issue affects AppExperts: from n/a through = 1.4.5...

CVSS 8.5, AI score 5.6, EPSS 0.00253
Exploits: 0, References: 2

CVE
added 2026/01/22 9:10 a.m., 11 views

CVE-2025-4763

CVE-2025-4763 is a reflected XSS vulnerability in Hotel Guest Hotspot by Aida Computer Information Technology Inc. The issue arises from improper neutralization of input during web page generation, allowing an attacker to inject malicious script. Affected product/version scope is stated as Hotel ...

CVSS 6.1, AI score 5.4, EPSS 0.00208
Exploits: 0, References: 2, Affected Software: 1

Positive Technologies
added 2026/01/22 12:0 a.m., 4 views

PT-2026-4133

Name of the Vulnerable Software and Affected Versions: FooEvents for WooCommerce versions through 1.20.4. Description: A flaw exists in FooEvents for WooCommerce that allows for SQL Injection. The issue is due to improper neutralization of special elements within SQL commands. This could potentially...

AI score 5.5, EPSS 0.0033
Exploits: 0, References: 3

CNNVD
added 2026/01/22 12:0 a.m., 6 views

Dell Unisphere for PowerMax SQL Injection Vulnerability

Dell Unisphere for PowerMax is a graphical management platform developed by the American company Dell. The version 10.2.0.x of Dell Unisphere for PowerMax has a SQL injection vulnerability. This vulnerability arises from improper neutralization of special elements, which may lead to SQL injection...

CVSS 8.8, AI score 5.9, EPSS 0.00593
Exploits: 0, References: 2

Positive Technologies
added 2026/01/22 12:0 a.m., 7 views

PT-2026-4259

Name of the Vulnerable Software and Affected Versions: shinetheme Traveler versions prior to 3.2.8. Description: An issue exists in shinetheme Traveler that allows for Blind SQL Injection due to Improper Neutralization of Special Elements used in an SQL Command. This allows an attacker to potentiall...

CVSS 8.8, AI score 5.7, EPSS 0.00209
Exploits: 0, References: 4

Snyk
added 2026/01/20 3:44 p.m., 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine when processing untrusted template expressions. An attacker can execute arbitrary code on the server by injecting specially crafted template payloads. Remediation...

CVSS 9.8, AI score 6.3, EPSS 0.00504
Exploits: 1, References: 2

Snyk
added 2026/01/14 12:49 p.m., 4 views

Improper Neutralization of Special Elements in Data Query Logic

Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the process that handles Cypher queries. An attacker can execute arbitrary Cypher commands by injecting malicious input into the query construction process. Remediation...

CVSS 9.8, AI score 7.5, EPSS 0.00613
Exploits: 0, References: 2

Positive Technologies
added 2026/01/13 12:0 a.m., 9 views

PT-2026-2794

Name of the Vulnerable Software and Affected Versions: Vivotek devices versions 0100a through 012502. Description: The affected devices contain an Improper Neutralization of Special Elements used in a Command 'Command Injection' issue. This allows for potential OS Command Injection through the uploa...

CVSS 10, AI score 5.8, EPSS 0.21219
Exploits: 1, References: 9

RedhatCVE
added 2026/01/09 12:41 p.m., 5 views

CVE-2023-25800

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Themeum Tutor LMS allows SQL Injection. This issue affects Tutor LMS: from n/a through 2.2.0...

CVSS 8.8, AI score 8.9, EPSS 0.0069
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:41 p.m., 6 views

CVE-2023-25983

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPOmnia KB Support. This issue affects KB Support: from n/a through 1.5.84...

CVSS 8.8, AI score 8.5, EPSS 0.01127
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 12:15 p.m., 9 views

CVE-2018-1000154

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page CWE-80 vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser...

CVSS 6.1, AI score 7.1, EPSS 0.01598
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:56 a.m., 6 views

CVE-2022-38702

Improper Neutralization of Formula Elements in a CSV File vulnerability in Nakashima Masahiro WP CSV Exporter. This issue affects WP CSV Exporter: from n/a through 2.0...

CVSS 8.8, AI score 8.1, EPSS 0.00605
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:56 a.m., 4 views

CVE-2022-38056

Improper neutralization in the Intel(R) EMA software before version 1.8.1.0 may allow a privileged user to potentially enable escalation of privilege via network access...

CVSS 5.3, AI score 7.2, EPSS 0.00147
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 10:51 a.m., 7 views

CVE-2022-42882

Improper Neutralization of Formula Elements in a CSV File vulnerability in Shambix Simple CSV/XLS Exporter. This issue affects Simple CSV/XLS Exporter: from n/a through 1.5.8...

CVSS 8.8, AI score 8, EPSS 0.00785
Exploits: 0, References: 1