Lucene search
K

2402 matches found

OSV
OSV
added 2025/07/21 10:15 a.m.2 views

CVE-2025-41678

A high privileged remote attacker can alter the configuration database via POST requests due to improper neutralization of special elements used in a SQL statement...

7.2CVSS5.9AI score0.00589EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.6 views

PT-2025-30311 · Drupal +1 · Drupal +1

Name of the Vulnerable Software and Affected Versions: Drupal Real-time SEO for Drupal versions 2.0.0 through 2.1.9 Description: The Real-time SEO for Drupal module contains a flaw due to improper neutralization of input during web page generation, which allows for Cross-Site Scripting XSS...

6.1CVSS6AI score0.00227EPSS
Exploits0References3
CVE
CVE
added 2025/07/20 2:35 p.m.14 views

CVE-2025-46383

CVE-2025-46383 is an XSS issue described across multiple sources as improper neutralization of input during web page generation (CWE-79) affecting Emby Server/Emby Windows deployments. Public entries and OpenVAS notes indicate at least Emby Server versions prior to 4.8.9 are affected, with the un...

6.1CVSS7.2AI score0.00223EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/18 11:54 a.m.14 views

CVE-2025-52714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through 3.2.2...

9.3CVSS5.9AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/07/18 11:54 a.m.4 views

CVE-2025-52819

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in pakkemx Pakke Envíos pakke allows SQL Injection.This issue affects Pakke Envíos: from n/a through = 1.0.2...

8.5CVSS5.9AI score0.00331EPSS
Exploits0References1
NVD
NVD
added 2025/07/16 12:15 p.m.3 views

CVE-2025-52714

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in shinetheme Traveler traveler allows SQL Injection.This issue affects Traveler: from n/a through 3.2.2...

9.3CVSS0.00371EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/16 11:27 a.m.10 views

CVE-2025-52779 WordPress Dot html,php,xml etc pages plugin <= 1.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in karimmughal Dot html,php,xml etc pages dot-htmlphpxml-etc-pages allows Reflected XSS.This issue affects Dot html,php,xml etc pages: from n/a through = 1.0...

7.1CVSS0.00191EPSS
Exploits0References1
CVE
CVE
added 2025/07/16 10:36 a.m.21 views

CVE-2025-48161

CVE-2025-48161 affects WordPress YaySMTP plugin: SQL Injection due to improper neutralization of special elements. Affected versions are n/a through 1.3; Wordfence lists it as patched (vulnerability entries show Patched) and PT-Security notes “Versions prior to 1.4 are affected,” implying fixes e...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/16 12:0 a.m.4 views

WordPress plugin YaySMTP SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

7.6CVSS7.6AI score0.00355EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.4 views

PT-2025-29735 · WordPress · Crocoblock Jetblocks For Elementor

Name of the Vulnerable Software and Affected Versions: Crocoblock JetBlocks For Elementor versions through 1.3.19 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This can potentially allow a...

6.5CVSS5.9AI score0.00204EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/07/11 12:0 a.m.7 views

Juniper Networks Junos OS和Juniper Networks Junos OS Evolved 操作系统命令注入漏洞

Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, Inc.Juniper Networks Junos OS is a set of network operating systems specialized for the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK...

8.4CVSS7.5AI score0.00465EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/07/06 11:21 a.m.11 views

CVE-2025-32297

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in quantumcloud Simple Link Directory qc-simple-link-directory allows SQL Injection.This issue affects Simple Link Directory: from n/a through 14.8.1...

8.5CVSS5.9AI score0.00246EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.3 views

CVE-2025-52831

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in thanhtungtnt Video List Manager video-list-manager allows SQL Injection.This issue affects Video List Manager: from n/a through = 1.7...

9.3CVSS0.00275EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.3 views

CVE-2025-24780

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows SQL Injection.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a...

8.5CVSS0.00246EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/02 2:38 p.m.2 views

CVE-2025-53493 Stored XSS in MintyDocs

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Mediawiki - MintyDocs Extension allows Stored XSS.This issue affects Mediawiki - MintyDocs Extension: from 1.43.X before 1.43.2...

6.4AI score0.0023EPSS
Exploits1References2
OSV
OSV
added 2025/06/29 12:15 p.m.6 views

UBUNTU-CVE-2025-5878

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...

7.3CVSS6.5AI score0.004EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/06/29 12:6 p.m.11 views

CVE-2025-52829

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in DirectIQ DirectIQ Email Marketing directiq-wp allows SQL Injection.This issue affects DirectIQ Email Marketing: from n/a through = 2.0...

9.3CVSS5.9AI score0.00275EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/29 12:0 a.m.4 views

OWASP ESAPI 安全漏洞

OWASP ESAPI is a free, open source, Web application security control library from the OWASP Foundation in the United States that makes it easier for programmers to write lower-risk applications. A security vulnerability exists in OWASP ESAPI that stems from improper neutralization of special...

7.5CVSS7.8AI score0.004EPSS
Exploits1References11
ATTACKERKB
ATTACKERKB
added 2025/06/27 5:15 p.m.4 views

CVE-2024-12364

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mavi Yeşil Software Guest Tracking Software allows SQL Injection. This issue affects Guest Tracking Software. NOTE: The vendor did not inform about the completion of the fixing process within the...

9.8CVSS5.8AI score0.00377EPSS
Exploits0References3
NVD
NVD
added 2025/06/27 2:15 p.m.4 views

CVE-2025-53292

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in samsk WP DataTable wp-datatable allows DOM-Based XSS.This issue affects WP DataTable: from n/a through = 0.2.7...

6.5CVSS0.00198EPSS
Exploits0References1
Rows per page
Query Builder