EUVD-2026-34336

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

PT-2026-46401

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2025-15655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

PT-2026-45910

Name of the Vulnerable Software and Affected Versions Mojoomla School Management versions prior to 93.2.0 Description Improper neutralization of special elements used in an SQL command allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for executio...

EUVD-2026-33691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

EUVD-2025-209992

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Console WebUI in Waterfall WF-500 TX and RX Hosts in version 7.9.1.0 R2502171040 that allows remote unauthenticated attackers to execute arbitrary operating...

CVE-2025-41267

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in the Administration WebUI in Waterfall WF-500 TX Host in version 7.9.1.0 R2502171040 that allows remote authenticated attackers to execute arbitrary operating syste...

PT-2026-44819

Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' in Waterfall WF-500 RX Host in version 7.9.1.0 R2502171040 that allows attackers with access to the TX Host to execute code on the RX Host when a MySQL connector is...

CVE-2026-3676

CVE-2026-3676 : IBM Db2 components bundled with IBM Cloud APM (Base Private 8.1.4/Advanced Private 8.1.4) are vulnerable when used with Linux/UNIX/Windows DB2 builds (including DB2 Connect Server). The issue arises from improper neutralization of special elements in the data query logic within th...

CVE-2026-42761

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 Active Products Tables for WooCommerce profit-products-tables-for-woocommerce allows Blind SQL Injection.This issue affects Active Products Tables for WooCommerce: from n/a through = 1.0...

CVE-2026-42747

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through = 4.0.6...

EUVD-2026-32203

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 TableOn posts-table-filterable allows Blind SQL Injection.This issue affects TableOn: from n/a through = 1.0.5.1...

CVE-2026-42740

The connected sources confirm a SQL Injection vulnerability in the WordPress Tainacan plugin, affecting version range

CVE-2026-40811

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40850

CVE-2026-40850 describes an unauthenticated SQL injection in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command, leading to total loss of confidentiality. The vulnerability is shown with CVSS 3.1 base score 7.5 (NETWORK, LOW complexity, NONE pri...

EUVD-2026-32148

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the useralarmprofile view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40835

CVE-2026-40835 describes an unauthenticated SQL Injection in the saveObjectFromData function, exploitable by a low-privileged remote attacker. Root cause: improper neutralization of special elements in a SQL SELECT command. Impact: total confidentiality loss. Documents from NVD and CVE lists conf...