2402 matches found
CVE-2025-41678
A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement...
PT-2025-30311 · Drupal +1 · Drupal +1
Name of the Vulnerable Software and Affected Versions: Drupal Real-time SEO for Drupal versions 2.0.0 through 2.1.9 Description: The Real-time SEO for Drupal module contains a flaw due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting XSS...
CVE-2025-46383
CVE-2025-46383 is an XSS issue described across multiple sources as improper neutralization of input during web page generation (CWE-79) affecting Emby Server/Emby Windows deployments. Public entries and OpenVAS notes indicate at least Emby Server versions prior to 4.8.9 are affected, with the un...
CVE-2025-52714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through 3.2.2...
CVE-2025-52819
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through = 1.0.2...
CVE-2025-52714
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through 3.2.2...
CVE-2025-52779 WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in karimmughal Dot html,php,xml etc pages dot-htmlphpxml-etc-pages allows Reflected XSS.This issue affects Dot html,php,xml etc pages: from n/a through = 1.0...
CVE-2025-48161
CVE-2025-48161 affects WordPress YaySMTP plugin: SQL Injection due to improper neutralization of special elements. Affected versions are n/a through 1.3; Wordfence lists it as patched (vulnerability entries show Patched) and PT-Security notes “Versions prior to 1.4 are affected,” implying fixes e...
WordPress plugin YaySMTP SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-29735 · WordPress · Crocoblock Jetblocks For Elementor
Name of the Vulnerable Software and Affected Versions: Crocoblock JetBlocks For Elementor versions through 1.3.19 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This can potentially allow a...
Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 操作系统命令注入漏洞
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a set of network operating systems specialized for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...
CVE-2025-32297
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through 14.8.1...
CVE-2025-52831
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through = 1.7...
CVE-2025-24780
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a...
CVE-2025-53493 Stored XSS in MintyDocs
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2...
UBUNTU-CVE-2025-5878
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...
CVE-2025-52829
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through = 2.0...
OWASP ESAPI 安全漏洞
OWASP ESAPI is a free, open source, Web application security control library from the OWASP Foundation in the United States that makes it easier for programmers to write lower-risk applications. A security vulnerability exists in OWASP ESAPI that stems from improper neutralization of special...
CVE-2024-12364
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the...
CVE-2025-53292
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk WP DataTable wp-datatable allows DOM-Based XSS.This issue affects WP DataTable: from n/a through = 0.2.7...