18 matches found
CVE-2026-45214
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection. This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
EUVD-2026-30689
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
CVE-2026-42838
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-21256
Improper neutralization of special elements used in a command 'command injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network...
CVE-2025-14731
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...
TalentSoft UNIS SQL Injection Vulnerability
TalentSoft UNIS is a talent management system from TalentSoft Turkey. A SQL injection vulnerability exists in TalentSoft UNIS versions prior to 42321, which stems from improper neutralization of special elements and could lead to a SQL injection attack...
EUVD-2025-9886
Malicious code in bioql PyPI...
A vulnerability in the CentOS Web Panel management application stems from its failure to neutralize certain special elements, allowing an attacker to execute arbitrary code.
The vulnerability in the CentOS Web Panel management application is caused by a failure to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-23812
A vulnerability has been identified in SINEC NMS All versions V2.0 SP1. The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection...
Zoom Client Injection Vulnerability
Zoom Client is a video conferencing client application from Zoom USA that supports multiple platforms. A security vulnerability previously existed in Zoom Desktop Client for Windows and Zoom VDI Client version 5.15.2, which stemmed from improper neutralization of special elements...
The vulnerability of the phpMyFAQ web application lies in the absence of a mechanism to neutralize certain elements. This allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the phpMyFAQ web application is related to the absence of element neutralization mechanisms. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures using a specially crafted CSV file...
MedData MedDataPACS SQL Injection Vulnerability
MedData MedDataPACS is an image archiving and populating system from MedData. A SQL injection vulnerability exists in versions of MedData MedDataPACS prior to 2023-03-03, which stems from improper neutralization of special elements and a SQL injection vulnerability...
CVE-2022-27489
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiExtender 7.0.0 through 7.0.3, 5.3.2, 4.2.4 and below allows an attacker to execute unauthorized code or commands via crafted HTTP requests...
The vulnerability of the CERT/CC VINCE software coordination mechanism lies in its lack of measures to neutralize special elements, allowing attackers to inject arbitrary HTML code.
The vulnerability of the CERT/CC VINCE software coordination mechanism exists due to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code remotely, using the “Product Affected” field...
The vulnerabilities of DCE/RPC components in Samba’s network communication software package allow attackers to compromise data integrity.
The vulnerability of DCE/RPC components in Samba’s networking communication software lies in the insufficient neutralization of certain elements in requests. Exploiting this vulnerability allows a remote attacker to compromise data integrity...
A vulnerability in the firmware of the Tenda AC15 AC1900 router stems from insufficient neutralization of special elements transmitted in URIs, allowing an attacker to execute arbitrary commands on the target system.
The vulnerability in the firmware of the Tenda AC15 AC1900 router is related to insufficient neutralization of special elements transmitted in URIs. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands on the target system by sending specially craft...
A vulnerability in the firmware of Pelco Sarix Enhanced and Spectra Enhanced cameras, related to insufficient neutralization of specific elements in the request, allows an intruder to execute arbitrary system commands.
The vulnerability in the firmware of Pelco Sarix Enhanced and Spectra Enhanced cameras is related to insufficient neutralization of specific elements in the request. Exploiting this vulnerability can allow an intruder to execute arbitrary system commands...