26 matches found
CVE-2025-10727 Reflected XSS in ArkSigner's AcBakImzala
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ArkSigner Software and Hardware Inc. AcBakImzala allows Reflected XSS. This issue affects AcBakImzala: before v5.1.4...
EUVD-2023-0312
Malicious code in bioql PyPI...
EUVD-2024-26907
Malicious code in bioql PyPI...
OESA-2025-1991 jakarta-mail security update
The Jakarta Mail API provides a platform-independent and protocol-independent framework to build mail and messaging applications. Security Fixes: A vulnerability has been found in Eclipse Jakarta Mail 2.2 and classified as problematic. The CWE definition for the vulnerability is CWE-147. The produ...
The vulnerability of the FortiMail email protection system and the FortiRecorder video surveillance device’s micro-programming software lies in the lack of measures to neutralize special elements, allowing intruders to execute arbitrary commands.
The vulnerability of the FortiMail email protection system and the FortiRecorder video surveillance device’s microprogramming software lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands...
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert allows a perpetrator to execute arbitrary code.
The vulnerability of the web interface of the software for managing the infrastructure of the EcoStruxure IT Data Center Expert is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating ...
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system allows a hacker to execute arbitrary commands.
The vulnerability of the LAN Controller feature of the Cisco IOS XE operating system is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the application for managing CentOS Web Panel lies in its failure to eliminate certain special elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the CentOS Web Panel management application relates to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a malicious actor operating remotely to execute arbitrary code...
WordPress plugin BruteGuard – Brute Force Login Protection cross-site scripting vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
The vulnerability of the tmp_get_sites function in TP-Link Archer Series, TP-Link Deco Series, and TP-Link Tapo Series routers allows a hacker to execute arbitrary commands.
The vulnerability of the tmp_get_sites function in TP-Link Archer Series, TP-Link Deco Series, and TP-Link Tapo Series routers lies in the lack of measures to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
Vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, arises from the lack of measures taken to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.
The vulnerability of QTS and QuTS operating systems, as well as Qnap network devices, is related to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remotely...
The vulnerability of the UEFI loader’s shim, which exists due to the lack of measures taken to neutralize special elements, allows a hacker to execute arbitrary code.
The vulnerability of the UEFI loader “shim” exists due to the failure to implement measures to neutralize certain components. Exploiting this vulnerability allows a remote attacker to execute arbitrary code by sending a specially crafted HTTP request...
PT-2023-4659 · Unknown · Mxsecurity
Name of the Vulnerable Software and Affected Versions: MXsecurity versions prior to v1.0.1 Description: A vulnerability has been identified that allows the unauthorized disclosure of authenticated information. This issue arises when special elements are not neutralized correctly, allowing remote...
The vulnerability of the mySCADA myPRO industrial process visualization and control system lies in the lack of measures to neutralize special elements used in the operating system’s commands. This allows attackers to execute arbitrary commands.
The vulnerability of the mySCADA myPRO industrial process visualization and control system exists due to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands remote...
Typora fails to properly neutralize JavaScript code.
Overview: Typora fails to properly neutralize JavaScript code (CWE-116). Eiji Mori of Flatt Security Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: Opening a file with the affected product may lead to...
The vulnerability of the Arr-pm library for writing/reading RPM packages for the Ruby programming language interpreter allows a perpetrator to execute arbitrary commands.
The vulnerability of the Arr-pm library for writing/reading RPM packages for the Ruby programming language exists because measures to neutralize special elements used in the operating system command are not taken. Exploiting this vulnerability can allow an attacker to execute arbitrary commands...
The vulnerability of the ePolicy Orchestrator antivirus software McAfee Agent allows a violator to execute arbitrary commands.
The vulnerability of the ePolicy Orchestrator anti-virus software McAfee Agent relates to the failure to take measures to neutralize special elements used in SQL queries. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands by sending specially crafted SQL queries...
Cross-site Scripting (XSS) - Stored
Description: The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Proof of Concept: Add Item, and name is payload alertlocation...
CVE-2021-32981
AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that ca...
The vulnerability of the Kubernetes command-line tool kubectl allows attackers to escalate their privileges. This vulnerability is exploited by attackers who aim to enhance their access levels.
The vulnerability of the Kubernetes command-line tool kubectl relates to the lack of measures taken to neutralize special elements used in operating system commands. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...