Lucene search
K

2408 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.14 views

PT-2026-41849

Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...

5.8AI score0.00487EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/17 2:15 p.m.9 views

CVE-2026-8759

A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...

7.5CVSS6.7AI score0.00406EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/05/17 8:0 a.m.22 views

CVE-2026-8740

CVE-2026-8740 affects Sanluan PublicCMS 5.202506.d; the issue lies in TemplateResultDirective.java (TemplateResult API), where manipulating the templateContent argument during execution leads to improper neutralization of special template engine elements. This enables a remote attack, and exploit...

6.5CVSS6.3AI score0.00232EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.18 views

PT-2026-41572

Name of the Vulnerable Software and Affected Versions xiandafu beetl versions prior to 3.20.3 Description Improper neutralization of special elements in an expression language statement allows for remote exploitation. The issue exists within the SpELFunction component, specifically in an unknown...

7.5CVSS7.1AI score0.00406EPSS
Exploits0References12
Snyk
Snyk
added 2026/05/14 1:17 p.m.16 views

Improper Neutralization of Special Elements in Data Query Logic

Overview @strapi/strapi is an updated version of the old 'strapi', which is a free and open-source headless CMS delivering your content anywhere you need. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic in the query parameter...

9.2CVSS5.8AI score0.00612EPSS
Exploits5References3
NVD
NVD
added 2026/05/14 10:16 a.m.16 views

CVE-2025-11024

Improper neutralization of special elements used in an SQL command 'SQL injection' vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website allows Blind SQL Injection. This issue affects E-Commerce Website: before 4.5.001...

9.8CVSS0.00358EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/12 8:21 p.m.8 views

CVE-2026-26164

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00799EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/12 6:30 p.m.12 views

EUVD-2026-29716

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

7.4CVSS5.8AI score0.00399EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.9 views

EUVD-2026-29714

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

5.4CVSS5.8AI score0.0024EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/12 6:30 p.m.10 views

EUVD-2026-29580

Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00498EPSS
Exploits0References2
NVD
NVD
added 2026/05/12 6:17 p.m.50 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS0.00421EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.15 views

CVE-2026-41109

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS0.00861EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 11:16 a.m.13 views

CVE-2026-45213

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

7.6CVSS0.00226EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.12 views

CVE-2026-45214

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows Blind SQL Injection.This issue affects Xpro Elementor Addons: from n/a through = 1.5.1...

8.5CVSS5.8AI score0.00223EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 11:2 a.m.9 views

CVE-2026-45213

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in RealMag777 BEAR woo-bulk-editor allows Blind SQL Injection.This issue affects BEAR: from n/a through = 1.1.7.1...

7.6CVSS5.8AI score0.00226EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40141

Name of the Vulnerable Software and Affected Versions Azure Machine Learning affected versions not specified Description Improper neutralization of special elements in output used by a downstream component allows an unauthorized attacker to perform spoofing over a network. This issue can lead to...

8.5CVSS5.8AI score0.00498EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40261

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to perform tampering over a network...

7.4CVSS5.8AI score0.00399EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40244

Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.8AI score0.00861EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/05/11 2:0 p.m.18 views

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

5.4CVSS5.8AI score0.0024EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/11 12:0 a.m.14 views

PT-2026-40259

Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of special elements in output used by a downstream component injection allows an unauthorized attacker to elevate privileges over a network...

5.4CVSS5.8AI score0.0024EPSS
Exploits0References8
Rows per page
Query Builder