M365 Copilot Information Disclosure Vulnerability

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

CVE-2026-5784

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

CVE-2026-5784

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

EUVD-2026-28349

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Gosoft Software Industry and Trade Ltd. Co. Proticaret E-Commerce allows Cross-Site Scripting XSS, Reflected XSS. This issue affects Proticaret E-Commerce: from v5.0.0 before V 6.0.1767.1383...

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

CVE-2026-27421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

Microsoft 365 Copilot Business Chat 安全漏洞

Microsoft 365 Copilot Business Chat is an AI chat software developed by Microsoft Corporation in the United States. There is a security vulnerability in Microsoft 365 Copilot Business Chat, which stems from improper neutralization of special elements. This vulnerability could allow unauthorized...

Microsoft Copilot Chat 命令注入漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a command injection vulnerability, which stems from improper neutralization of special elements within commands. This vulnerability could allow...

PT-2026-38353

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through 8.5...

PT-2026-38358

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

PT-2026-38578

Name of the Vulnerable Software and Affected Versions Microsoft Edge Copilot Chat affected versions not specified Description Improper neutralization of special elements used in a command, known as command injection, allows an unauthorized attacker to disclose information over a network...

PT-2026-38575

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements in output used by a downstream component injection allows an unauthorized attacker to disclose information over a network. Recommendations At...

PT-2026-38574

Name of the Vulnerable Software and Affected Versions M365 Copilot affected versions not specified Description Improper neutralization of special elements in Copilot Business Chat allows an unauthorized attacker to disclose information over a network. Recommendations At the moment, there is no...

PT-2026-38582

Name of the Vulnerable Software and Affected Versions Azure Cloud Shell affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to perform command injection, which can enable network-based spoofing attacks...

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview org.webjars.npm:mongoose is a Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the...

EUVD-2026-27227

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

CVE-2026-40797

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saleswonder LLC WebinarIgnition allows Blind SQL Injection. This issue affects WebinarIgnition: from n/a through 4.08.253...

PT-2026-36980

Name of the Vulnerable Software and Affected Versions WebinarIgnition versions prior to 4.08.253 Description WebinarIgnition contains an issue where improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a technique where an...