2402 matches found

Microsoft CVE
added 2025/08/12 7:00 a.m. | 8 views

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 7.9 | EPSS 0.01355
Exploits: 0

Microsoft CVE
added 2025/08/12 7:00 a.m. | 3 views

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 7.9 | EPSS 0.01017
Exploits: 0

Microsoft CVE
added 2025/08/12 7:00 a.m. | 5 views

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...

CVSS 8.8 | AI score 7.9 | EPSS 0.00865
Exploits: 0

CNNVD
added 2025/08/12 12:00 a.m. | 1 views

Intel Tiber Edge Platform Edge Orchestrator Security Vulnerability

Intel Tiber Edge Platform Edge Orchestrator is an edge computing platform from Intel designed to simplify the edge application development and deployment process by supporting modular tools to build and run edge applications. Intel Tiber Edge Platform Edge Orchestrator suffers from an information...

CVSS 6.9 | AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...

CVSS 8.5 | AI score 7.1 | EPSS 0.00206
Exploits: 0 | References: 2

Snyk
added 2025/08/09 2:41 a.m. | 3 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the TOTP secrets engine, which accepts valid codes multiple times rather than strictly-once. An attacker can gain unauthorized access to sensitive information due to improper normalization in the underlying...

CVSS 7.1 | AI score 7 | EPSS 0.00195
Exploits: 0 | References: 2

NVD
added 2025/07/28 11:15 a.m. | 4 views

CVE-2025-6918

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025...

CVSS 9.8 | EPSS 0.00331
Exploits: 0 | References: 2

RedhatCVE
added 2025/07/26 1:15 p.m. | 8 views

CVE-2025-4822

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025...

CVSS 9.8 | AI score 5.6 | EPSS 0.0066
Exploits: 0 | References: 1

CNVD
added 2025/07/25 12:00 a.m. | 3 views

MB CONNECT LINE mbNET.mini Cross-Site Scripting Vulnerability

The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A cross-site scripting vulnerability exists in MB CONNECT LINE mbNET.mini, which stems from improper neutralization of...

CVSS 4.8 | AI score 6.4 | EPSS 0.0028
Exploits: 1 | References: 1

RedhatCVE
added 2025/07/24 2:28 p.m. | 10 views

CVE-2025-4294

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This issue affects B2B: before 04.06.2025...

CVSS 4.8 | AI score 5.4 | EPSS 0.00182
Exploits: 0 | References: 1

OSV
added 2025/07/24 2:15 p.m. | 3 views

CVE-2025-4784

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025...

CVSS 9.8 | AI score 5.8 | EPSS 0.00518
Exploits: 0 | References: 1

CNNVD
added 2025/07/24 12:00 a.m. | 4 views

SMG Software Information Portal Code Issue Vulnerability

SMG Software Information Portal is an information portal product from SMG Software, Turkey. A code issue vulnerability exists in SMG Software Information Portal, which arises from the unrestricted upload of dangerous types of files and improper neutralization of special elements, which could lead...

CVSS 10 | AI score 7.1 | EPSS 0.01536
Exploits: 0 | References: 1

CNNVD
added 2025/07/24 12:00 a.m. | 3 views

Moderec Tourtella SQL Injection Vulnerability

Moderec Tourtella is a software application from the Turkish company Moderec. Moderec Tourtella suffers from a SQL injection vulnerability that stems from improper neutralization of special elements, which could lead to a SQL injection attack...

CVSS 9.8 | AI score 7.8 | EPSS 0.00518
Exploits: 0 | References: 1

OSV
added 2025/07/23 6:33 a.m. | 7 views

GHSA-4J66-8F4R-3PJX bun vulnerable to OS Command Injection

All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes command-line...

CVSS 8.8 | AI score 6.5
Exploits: 0 | References: 4

CNVD
added 2025/07/23 12:00 a.m. | 2 views

WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes SQL Injection Vulnerability

WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes is a plugin for bulk editing of WooCommerce product information, prices and attributes with support for Simple, Variant, External and Bundled products. WordPress ELEX WooCommerce Advanced Bulk Edit Products,Prices&Attributes...

CVSS 8.5 | AI score 8.1 | EPSS 0.00322
Exploits: 0 | References: 1

RedhatCVE
added 2025/07/22 2:50 p.m. | 6 views

CVE-2025-46383

CWE-79: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...

CVSS 6.1 | AI score 7.3 | EPSS 0.00223
Exploits: 0 | References: 1

CVE
added 2025/07/22 9:30 a.m. | 15 views

CVE-2025-53472

ELECOM WRC-BE36QS-B and WRC-W701-B have an OS command injection vulnerability in the WebGUI caused by improper neutralization of special elements. A remote attacker who can log in to WebGUI may execute arbitrary OS commands. Impact is described as high (possible remote code execution); exploitati...

CVSS 8.6 | AI score 7 | EPSS 0.01051
Exploits: 0 | References: 2

Snyk
added 2025/07/21 6:32 p.m. | 2 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation: Upgrade...

CVSS 7.5 | AI score 7.1 | EPSS 0.00756
Exploits: 0 | References: 2

Snyk
added 2025/07/21 6:32 p.m. | 2 views

Improper Neutralization

Overview: org.eclipse.angus:angus-mail is an Angus Mail Provider. Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and...

CVSS 7.5 | AI score 7.3 | EPSS 0.00756
Exploits: 0 | References: 2

Snyk
added 2025/07/21 6:32 p.m. | 2 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation: Upgrade...

CVSS 7.5 | AI score 7.3 | EPSS 0.00756
Exploits: 0 | References: 2