2403 matches found
CVE-2021-3817
wbcecms is vulnerable to Improper Neutralization of Special Elements used in an SQL Command...
CVE-2020-28015
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...
CVE-2019-9538
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in the LDAP cbURL parameter of Telos Automated Message Handling System allows a remote attacker to inject arbitrary script into an AMHS session. This issue affects: Telos Automated Message Handling...
CVE-2018-1000854
esigate.org esigate version 5.2 and earlier contains a CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' vulnerability in ESI directive with user specified XSLT that can result in Remote Code Execution. This attack appears to be exploitable vi...
CVE-2025-39389
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Solid Plugins AnalyticsWP allows SQL Injection. This issue affects AnalyticsWP: from n/a through 2.1.2...
CVE-2025-22792
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jinwen Js O3 Lite allows Reflected XSS. This issue affects Js O3 Lite: from n/a through 1.5.8.2...
CVE-2025-39395
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla WPAMS apartment-management allows SQL Injection. This issue affects WPAMS: from n/a through = 44.0 17-08-2023...
CVE-2025-32924 WordPress Revy plugin <= 2.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in roninwp Revy allows SQL Injection. This issue affects Revy: from n/a through 2.1...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the gardenlet component. An attacker with administrative privileges for a Gardener project can escalate privileges and gain control over the seed clusters by injecting malicious metadata into a project secret...
CVE-2025-39365 WordPress wProject theme < 5.8.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rocket Apps wProject allows Reflected XSS. This issue affects wProject: from n/a before 5.8.0...
CVE-2025-39389
CVE-2025-39389 – AnalyticsWP (WordPress plugin) The vulnerability is an SQL Injection in AnalyticsWP versions from n/a through 2.1.2. It carries a high severity (CVSS 3.1 base score 9.3; network attack vector, no user interaction). The root cause is improper neutralization of SQL elements, enabli...
CVE-2025-48237
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPFactory Wishlist for WooCommerce wish-list-for-woocommerce allows Stored XSS. This issue affects Wishlist for WooCommerce: from n/a through = 3.2.2...
CVE-2025-48280
CVE-2025-48280 (AutomatorWP) — SQL Injection in AutomatorWP prior to 5.2.1.3 due to improper neutralization of special elements in SQL commands, enabling blind SQL injection. Affected: AutomatorWP up to 5.2.1.3. Mitigation: upgrade to a version later than 5.2.1.3 (patches/updates referenced in Pa...
CVE-2025-48278 WordPress RSVPMarker <= 11.5.6 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in davidfcarr RSVPMarker allows SQL Injection. This issue affects RSVPMarker: from n/a through 11.5.6...
CVE-2025-48278
CVE-2025-48278 affects the WordPress RSVPMarker plugin (versions n/a through 11.5.6). The vulnerability is an SQL Injection caused by improper neutralization of special elements in SQL commands. The connected documents confirm the issue exists in RSVPMarker up to 11.5.6, with PatchStack and CVE r...
CVE-2025-48113
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Broadstreet Broadstreet Ads broadstreet allows Stored XSS. This issue affects Broadstreet Ads: from n/a through = 1.51.2...
CVE-2025-4804 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in Hotpot Configuration
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS allows Stored XSS via the spamBlocker module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects...
CVE-2025-48137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in proxymis Interview allows SQL Injection. This issue affects Interview: from n/a through 1.01...
CVE-2025-32301
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup CountDown Pro WP Plugin circularcountdown allows SQL Injection. This issue affects CountDown Pro WP Plugin: from n/a through = 2.7...
CVE-2025-31926
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Sticky Radio Player lbg-audio5-html5-shoutcaststicky allows SQL Injection. This issue affects Sticky Radio Player: from n/a through = 3.4...