2402 matches found
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
Microsoft SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges over a network...
Intel Tiber Edge Platform Edge Orchestrator Security Vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an edge computing platform from Intel designed to simplify the edge application development and deployment process by supporting modular tools to build and run edge applications. Intel Tiber Edge Platform Edge Orchestrator suffers from an information...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the usernameasalias parameter in the LDAP authentication process. An attacker can gain unauthorized access to resources protected by multi-factor authentication by supplying a crafted username that bypasses...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the TOTP secrets engine, which accepts valid codes multiple times rather than strictly-once. An attacker can gain unauthorized access to sensitive information due to improper normalization in the underlying...
CVE-2025-6918
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncvav Virtual PBX Software allows SQL Injection. This issue affects Virtual PBX Software: before 09.07.2025...
CVE-2025-4822
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Bayraktar Solar Energies ScadaWatt Otopilot allows SQL Injection. This issue affects ScadaWatt Otopilot: before 27.05.2025...
MB CONNECT LINE mbNET.mini Cross-Site Scripting Vulnerability
The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A cross-site scripting vulnerability exists in MB CONNECT LINE mbNET.mini, which stems from improper neutralization of...
CVE-2025-4294
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HotelRunner B2B allows Cross-Site Scripting (XSS). This issue affects B2B: before 04.06.2025...
CVE-2025-4784
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Moderec Tourtella allows SQL Injection. This issue affects Tourtella: before 26.05.2025...
SMG Software Information Portal Code Issue Vulnerability
SMG Software Information Portal is an information portal product from SMG Software, Turkey. A code issue vulnerability exists in SMG Software Information Portal, which arises from the unrestricted upload of dangerous types of files and improper neutralization of special elements, which could lead...
Moderec Tourtella SQL Injection Vulnerability
Moderec Tourtella is a software application from the Turkish company Moderec. Moderec Tourtella suffers from a SQL injection vulnerability that stems from improper neutralization of special elements, which could lead to a SQL injection attack...
GHSA-4J66-8F4R-3PJX bun vulnerable to OS Command Injection
All versions of the package bun are vulnerable to Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the $ shell API due to improper neutralization of user input. An attacker can exploit this by providing specially crafted input that includes command-line...
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes SQL Injection Vulnerability
WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes is a plugin for bulk editing of WooCommerce product information, prices and attributes with support for Simple, Variant, External and Bundled products. WordPress ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes...
CVE-2025-46383
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')...
CVE-2025-53472
ELECOM WRC-BE36QS-B and WRC-W701-B have an OS command injection vulnerability in the WebGUI caused by improper neutralization of special elements. A remote attacker who can log in to WebGUI may execute arbitrary OS commands. Impact is described as high (possible remote code execution); exploitati...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation Upgrade...
Improper Neutralization
Overview org.eclipse.angus:angus-mail is an Angus Mail Provider. Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the handling of SMTP message input. An attacker can inject arbitrary SMTP commands by supplying specially crafted input containing carriage return and line feed characters. Remediation Upgrade...