CVE-2026-24618 WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in HashThemes Hash Elements allows Retrieve Embedded Sensitive Data. This issue affects Hash Elements: from n/a through 1.5.4...

CVE-2026-24618

CVE-2026-24618 affects the WordPress Hash Elements plugin (Hash Elements) versions up to 1.5.4. The vulnerability is described as Exposure of Sensitive System Information to an Unauthorized Control Sphere, enabling retrieval of embedded sensitive data. According to the provided sources, the CVSS ...

WordPress Hash Elements plugin <= 1.5.4 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by theviper17 in WordPress Plugin Hash Elements versions = 1.5.4...

PT-2026-48976

Name of the Vulnerable Software and Affected Versions Hash Elements versions prior to 1.5.5 Description An issue in HashThemes Hash Elements allows the retrieval of embedded sensitive system information to an unauthorized control sphere. Recommendations Update to version 1.5.5 or later...

EUVD-2026-36238

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

EUVD-2026-36210

Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

CVE-2026-42835

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...

PT-2026-47878

Name of the Vulnerable Software and Affected Versions Microsoft Teams for Android affected versions not specified Description Improper neutralization of special elements in output used by a downstream component injection allows an authorized attacker to disclose sensitive information over a netwo...

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

ROS-20260608-73-0021

The vulnerability of the .NET software platform is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

ROS-20260608-73-0024

The vulnerability of the .NET software platform is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

ROS-20260608-73-0020

The vulnerability of the .NET software platform is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

CVE-2026-37222

FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element IE counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs e.g., an E2setupRequest with extra optional fields to crash the near-RT RIC port 36421 or...

CVE-2025-59609

Information Disclosure when processing advertisement frames with malformed MBSSID elements of insufficient length...

CVE-2026-5486

The Unlimited Elements for Elementor plugin for WordPress is vulnerable to SQL Injection via the 'datafiltersearch' parameter in the getcataddons AJAX action in versions up to and including 2.0.7. This is due to insufficient input sanitization and the use of deprecated escaping functions combined...

CVE-2026-42410

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...

CVE-2026-7284

The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.4.4. This is due to the 'easyelhandleregister' function not restricting what user roles a user can register with...

CVE-2026-48837

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Unlimited Elements For Elementor allows Blind SQL Injection. This issue affects Unlimited Elements For Elementor: from n/a through 2.0.8...

EUVD-2026-34334

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...