2403 matches found

RedhatCVE
added 2025/05/22 6:44 p.m. | 13 views

CVE-2021-3817

wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...

CVSS 9.8 | AI score 7.4 | EPSS 0.37824 | Exploits 4 | References 1

RedhatCVE
added 2025/05/22 4:35 p.m. | 7 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

CVSS 7.8 | AI score 7 | EPSS 0.00379 | Exploits 1

RedhatCVE
added 2025/05/22 8:57 a.m. | 11 views

CVE-2019-9538

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling...

CVSS 6.1 | AI score 6.9 | EPSS 0.00841 | Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:16 a.m. | 7 views

CVE-2018-1000854

esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable vi...

CVSS 9.8 | AI score 7.4 | EPSS 0.0316 | Exploits 0 | References 1

RedhatCVE
added 2025/05/21 8:23 p.m. | 9 views

CVE-2025-39389

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This issue affects AnalyticsWP: from n/a through 2.1.2...

CVSS 9.3 | AI score 8.9 | EPSS 0.00292 | Exploits 0 | References 1

RedhatCVE
added 2025/05/21 4:39 p.m. | 13 views

CVE-2025-22792

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jinwen Js O3 Lite allows Reflected XSS. This issue affects Js O3 Lite: from n/a through 1.5.8.2...

CVSS 7.1 | AI score 8.6 | EPSS 0.00192 | Exploits 0 | References 1

NVD
added 2025/05/19 8:15 p.m. | 8 views

CVE-2025-39395

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla WPAMS apartment-management allows SQL Injection. This issue affects WPAMS: from n/a through = 44.0 17-08-2023...

CVSS 9.3 | EPSS 0.00301 | Exploits 0 | References 1

Vulnrichment
added 2025/05/19 7:57 p.m. | 5 views

CVE-2025-32924 WordPress Revy plugin <= 2.1 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in roninwp Revy allows SQL Injection. This issue affects Revy: from n/a through 2.1...

CVSS 8.5 | AI score 7.6 | EPSS 0.00267 | Exploits 0 | References 1

Snyk
added 2025/05/19 7:43 p.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the gardenlet component. An attacker with administrative privileges for a Gardener project can escalate privileges and gain control over the seed clusters by injecting malicious metadata into a project secret...

CVSS 9.9 | AI score 7.2 | EPSS 0.00374 | Exploits 0 | References 2

Cvelist
added 2025/05/19 7:40 p.m. | 13 views

CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects wProject: from n/a before 5.8.0...

CVSS 7.1 | EPSS 0.00191 | Exploits 0 | References 1

CVE
added 2025/05/19 7:31 p.m. | 36 views

CVE-2025-39389

CVE-2025-39389 – AnalyticsWP (WordPress plugin) The vulnerability is an SQL Injection in AnalyticsWP versions from n/a through 2.1.2. It carries a high severity (CVSS 3.1 base score 9.3; network attack vector, no user interaction). The root cause is improper neutralization of SQL elements, enabli...

CVSS 9.3 | AI score 8.9 | EPSS 0.00292 | Exploits 0 | References 1

NVD
added 2025/05/19 3:15 p.m. | 9 views

CVE-2025-48237

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through = 3.2.2...

CVSS 6.5 | EPSS 0.00215 | Exploits 0 | References 1

CVE
added 2025/05/19 2:45 p.m. | 28 views

CVE-2025-48280

CVE-2025-48280 (AutomatorWP) — SQL Injection in AutomatorWP prior to 5.2.1.3 due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: AutomatorWP up to 5.2.1.3. Mitigation: upgrade to a version later than 5.2.1.3 (patches/updates referenced in Pa...

CVSS 7.6 | AI score 5.9 | EPSS 0.00288 | Exploits 0 | References 1

Vulnrichment
added 2025/05/19 2:45 p.m. | 10 views

CVE-2025-48278 WordPress RSVPMarker <= 11.5.6 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker: from n/a through 11.5.6...

CVSS 8.5 | AI score 8.8 | EPSS 0.00275 | Exploits 0 | References 1

CVE
added 2025/05/19 2:45 p.m. | 35 views

CVE-2025-48278

CVE-2025-48278 affects the WordPress RSVPMarker plugin (versions n/a through 11.5.6). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands. The connected documents confirm the issue exists in RSVPMarker up to 11.5.6, with PatchStack and CVE r...

CVSS 8.5 | AI score 5.9 | EPSS 0.00275 | Exploits 0 | References 1

RedhatCVE
added 2025/05/18 4:3 p.m. | 6 views

CVE-2025-48113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS. This issue affects Broadstreet Ads: from n/a through = 1.51.2...

CVSS 6.5 | AI score 7.2 | EPSS 0.00169 | Exploits 0 | References 1

Vulnrichment
added 2025/05/16 8:12 p.m. | 8 views

CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...

CVSS 4.8 | AI score 5.7 | EPSS 0.0036 | Exploits 0 | References 1

OSV
added 2025/05/16 4:15 p.m. | 3 views

CVE-2025-48137

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01...

CVSS 6.5 | AI score 5.8 | EPSS 0.00272 | Exploits 0 | References 1

NVD
added 2025/05/16 4:15 p.m. | 15 views

CVE-2025-32301

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup CountDown Pro WP Plugin circularcountdown allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through = 2.7...

CVSS 8.5 | EPSS 0.00267 | Exploits 0 | References 1

NVD
added 2025/05/16 4:15 p.m. | 3 views

CVE-2025-31926

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcaststicky allows SQL Injection. This issue affects Sticky Radio Player: from n/a through = 3.4...

CVSS 8.5 | EPSS 0.00267 | Exploits 0 | References 1