CVE-2026-39812

A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...

CVE-2025-61886

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...

Windows Snipping Tool Remote Code Execution Vulnerability

Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...

.NET Spoofing Vulnerability

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...

SQL Server Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...

Microsoft Power Apps Desktop Client Spoofing Vulnerability

Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network...

PT-2026-32839

Name of the Vulnerable Software and Affected Versions .NET versions 8.0.0 through 8.0.25 .NET versions 9.0.0 through 9.0.14 .NET versions 10.0.0 through 10.0.5 Description Improper neutralization of special elements in System.Net.Mail allows an unauthorized attacker to perform a spoofing attack...

PT-2026-32841

Name of the Vulnerable Software and Affected Versions Windows Snipping Tool affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Recommendatio...

PT-2026-32835

Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper neutralization of special elements used in an sql command SQL injection allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker...

PT-2026-32720

Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...

PT-2026-32687

Name of the Vulnerable Software and Affected Versions FortiSandbox versions 4.4.0 through 4.4.8 Description An OS command injection issue exists in the JRPC API of FortiSandbox due to improper neutralization of the pipe symbol | when processing the jid parameter. This flaw allows an unauthenticat...

CVE-2026-32178

Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...

EUVD-2026-21996

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

EUVD-2026-21994

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

EUVD-2026-21988

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-30813

CVE-2026-30813 describes an SQL Injection vulnerability in Pandora FMS versions 777 through 800, caused by improper neutralization of special elements in SQL commands used during the module search. The affected component is the module search functionality; root cause is inadequate input handling ...

CVE-2026-30812 Stored Cross-Site Scripting in Event Comments via Filter Bypass

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

PT-2026-32387

Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...

PT-2026-32389

Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Event Response execution. This issue affects Pandora FMS: from 777 through 800...

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview metagpt is a The Multi-Agent Framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the generatethoughts function in the Tree-of-Thought Solver component. An attacker can execute...