CVE-2025-14688

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows includes Db2 Connect Server could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations exist...

Dromara Lamp-Cloud 安全漏洞

Dromara Lamp-Cloud is dromara open source based on Jdk11 SpringCloud SpringBoot development of microservices in the backend rapid development platform . Dromara lamp-cloud 5.6.2 and earlier versions of a security vulnerability , the vulnerability stems from the Message Template Handler component ...

EUVD-2026-31512

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

CVE-2026-5559

AntaresMugisho PyBlade 0.1.8-alpha/0.1.9-alpha is affected by a vulnerability in sandbox.py:_is_safe_ast within the AST Validation component. The flaw enables improper neutralization of special elements in the template engine, with remote-exploitation potential. Exploit has been disclosed publicl...

CVE-2026-25417 WordPress ProfileGrid plugin <= 5.9.8.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities allows Stored XSS.This issue affects ProfileGrid : from n/a through = 5.9.8.1...

CVE-2026-25350

CVE-2026-25350 is a Reflected XSS vulnerability in the Miti WordPress theme (Miti miti) affecting versions

CVE-2026-24983 WordPress UpSolution Core plugin <= 8.41 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UpSolution UpSolution Core us-core allows Reflected XSS.This issue affects UpSolution Core: from n/a through = 8.41...

CVE-2025-69296

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through = 4.6.3...

CVE-2025-36427

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic...

CVE-2025-67923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-2204

Technical details about CVE-2025-2204 are not publicly available in the provided documents. Monitor for updates.

CVE-2025-23696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ronan Mockett Staging CDN staging-cdn allows Reflected XSS.This issue affects Staging CDN: from n/a through = 1.0.0...

CVE-2025-23838

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rally Vincent Bauernregeln bauernregeln allows Reflected XSS.This issue affects Bauernregeln: from n/a through = 1.0.1...

CVE-2025-23635

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mobde3net ePermissions epermissions allows Reflected XSS.This issue affects ePermissions: from n/a through = 1.2...

CVE-2022-0121

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in hoppscotch hoppscotch/hoppscotch.This issue affects hoppscotch/hoppscotch before 2.1.1...

CVE-2025-52739

CVE-2025-52739 affects WordPress Sala theme versions up to 1.1.3. The root cause is improper neutralization of input during web page generation, enabling Reflected XSS. Impact described in multiple feeds: reflected XSS affecting Sala from n/a through 1.1.3 with published CVSS 3.1 vector (AV:N/AC:...

PT-2025-51458

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeNectar Salient Portfolio salient-portfolio allows Stored XSS.This issue affects Salient Portfolio: from n/a through = 1.8.2...

CVE-2025-63050

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sizam REHub Framework rehub-framework allows Stored XSS.This issue affects REHub Framework: from n/a through 19.9.9.7...

CVE-2025-53234

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in AndonDesign UDesign Core u-design-core allows Reflected XSS.This issue affects UDesign Core: from n/a through = 4.14.0...

Mediawiki - Skin:BlueSky 安全漏洞

Mediawiki - Skin:BlueSky is an open source appearance plugin for Mediawiki. A security vulnerability exists in Mediawiki - Skin:BlueSky versions prior to 1.39, which stems from improper input neutralization and could lead to a stored cross-site scripting attack...