EUVD-2025-93398

Improper neutralization of special elements used in a command 'command injection' in Visual Studio allows an authorized attacker to execute code locally...

PT-2025-46514

Name of the Vulnerable Software and Affected Versions Visual Studio Code CoPilot Chat Extension affected versions not specified Description The Visual Studio Code CoPilot Chat Extension contains a flaw related to improper neutralization of special elements used in commands, potentially leading to...

PT-2025-46507

Name of the Vulnerable Software and Affected Versions Visual Studio affected versions not specified Description An issue exists in Visual Studio related to improper neutralization of special elements used in a command, potentially leading to command injection. An authorized attacker could exploit...

EUVD-2025-38313

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

CVE-2025-36185

IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization of user-supplied input in several fields, including repository descriptions, project names, git commit author names, commit messages, access token names, and webhook URLs. An attacker can inject malicious ANSI...

WordPress plugin CoSchool LMS SQL注入漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the WordPress plugin CoSchool LMS, which stems from the...

CVE-2025-6520

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Abis Technology BAPSIS allows Blind SQL Injection. This issue affects BAPSIS: before 202510271606...

Abis BAPSIS SQL注入漏洞

Abis BAPSIS is a subject management system from Abis Turkey. An SQL injection vulnerability exists in versions prior to Abis BAPSIS 202510271606, which stems from improper neutralization of special elements and could lead to a blind SQL injection attack...

CVE-2025-46422

Dell Unity, versions 5.5 and prior, contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability to execute arbitrary commands with root privileges...

Dell Unity 操作系统命令注入漏洞

Dell Unity is a mid-range storage solution from Dell that supports file storage, block storage, and a variety of data services features designed to meet the needs of organizations for flexibility, cost-effectiveness, and simplicity. Dell Unity suffers from an operating system command injection...

Improper Neutralization

Overview next-auth is an Authentication for Next.js Affected versions of this package are vulnerable to Improper Neutralization in the email validation component. An attacker can intercept sensitive authentication emails by submitting a specially crafted email address that manipulates the parsing...

Improper Neutralization

Overview @auth/core is an Authentication for the Web. Affected versions of this package are vulnerable to Improper Neutralization in the email validation component. An attacker can intercept sensitive authentication emails by submitting a specially crafted email address that manipulates the parsi...

EUVD-2025-36531

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input...

CVE-2025-36081 Multiple Vulnerabilities in IBM Concert Software.

IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input...

Aksis Netty ERP SQL注入漏洞

Aksis Netty ERP is an enterprise resource planning software from Aksis Turkey. An SQL injection vulnerability exists in Aksis Netty ERP versions prior to V.1.1000, which stems from improper neutralization of special elements and can lead to SQL injection attacks...

CVE-2025-48091

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Alexander AnyComment anycomment allows SQL Injection.This issue affects AnyComment: from n/a through = 0.3.6...

Mediawiki - LanguageSelector Extension Code Injection Vulnerability

Mediawiki - LanguageSelector Extension is an extension for MediaWiki to provide multi-language support, allowing users to select and configure the interface language. A code injection vulnerability exists in Mediawiki - LanguageSelector Extension, which stems from improper neutralization of speci...

EUVD-2025-35329

A high privileged remote attacker can influence the parameters passed to the openssl command due to improper neutralization of special elements when adding a password protected self-signed certificate...