82 matches found
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Overview: Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in the processing of the X-Nuclio-Arguments HTTP header, which is incorporated into shell commands without validation or sanitization. An attacker can...
CVE-2026-1554 Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation. This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2...
CVE-2026-1554
CVE-2026-1554 is an XML Injection (Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server. The issue affects CAS Server on Drupal and is triggered by insufficient sanitization of XML data used as CAS attributes, enabling privilege escalation. Public details indi...
DRUPAL-CONTRIB-2026-007
This module enables you to turn a Drupal install into the Central Authentication System (CAS). It makes your database the primary location for other systems to use for authentication in an SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...
Central Authentication System (CAS) Server - Less critical - XML Element Injection - SA-CONTRIB-2026-007
This module enables you to turn a Drupal install into the Central Authentication System (CAS). It makes your database the primary location for other systems to use for authentication in an SSO environment. The module doesn't sufficiently sanitize user-supplied field values configured to be included ...
EUVD-2016-10277
Malware in sbrugna...
EUVD-2022-0258
Malicious code in bioql PyPI...
EUVD-2023-1175
Malicious code in bioql PyPI...
EUVD-2023-12376
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-0302
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository radareorg/radare2 prior to 5.8.2. CVE-2023-0302 Note...
Linux Distros Unpatched Vulnerability : CVE-2016-1000342
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Bouncy Castle JCE Provider version 1.55 and earlier, ECDSA does not fully validate the ASN.1 encoding of the signature on verification. It is possible to inject...
tarteaucitron.js vulnerable to DOM Clobbering via document.currentScript
A vulnerability was identified in tarteaucitron.js where document.currentScript was accessed without verifying that it referenced an actual element. If an attacker injected an HTML element such as: it could clobber the document.currentScript property. This causes the script to resolve incorrectly...
Apache Airflow Providers Snowflake package allows for Special Element Injection via CopyFromExternalStageToSnowflakeOperator
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitization of table and stage parameters was added...
PYSEC-2025-51
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitization of table and stage parameters was added...
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)
Overview: apache-airflow-providers-snowflake is a Provider package apache-airflow-providers-snowflake for Apache Airflow. Affected versions of this package are vulnerable to Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in the...
CVE-2023-1758
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository thorsten/phpmyfaq prior to 3.1.12...
CVE-2022-4721
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository ikus060/rdiffweb prior to 2.5.5...
VulnCheck KEV: CVE-2022-43769
Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...
Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution...