Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the internal stream buffers SmtpStream, ImapStream, and Pop3Stream not being flushed during the STARTTLS upgrade process. An attacker c...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' in the agent hook event processing. An attacker can escalate privileges by supplying craft...

EUVD-2026-23406

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS command injection vulnerability. A high privileged attacker...

CVE-2026-35074

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of special elements used in an OS Command Injection vulnerability. A high privileged attacker...

CVE-2026-35153

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralization of argument delimiters in a command 'argument injection' vulnerability. A high privileged...

ROS-20260417-73-0038

Vulnerability in zabbix7.2 is related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability may allow an attacker acting remotely to execute arbitrary commands...

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization due to the serviceAccountRegex matcher in pilot/pkg/security/authz/model/generator.go. An attacker can gain access to workloads protected by AuthorizationPolicy rules by presenting a SPIFFE identity whose namespa...

CVE-2026-32176

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

CVE-2026-32183

Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...

EUVD-2025-209485

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1...

CVE-2026-40734

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS.This issue affects Categories Images: from n/a through = 3.3.1...

PT-2026-33046

Name of the Vulnerable Software and Affected Versions Beaver Builder versions prior to 2.10.1.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a type of attack where the application does not return data directl...

WordPress plugin YouTube Showcase 安全漏洞

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in the WordPress plugin YouTube Showcase, which ste...

EUVD-2026-22562

Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability...

EUVD-2026-22564

Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...

EUVD-2026-22348

A improper neutralization of special elements used in an sql command 'sql injection' vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or commands via...

CVE-2026-32196

Improper neutralization of input during web page generation 'cross-site scripting' in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...