8766 matches found
CVE-2026-32178
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-32178
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-39812
A improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox PaaS 5.0.0 through 5.0.5, FortiSandbox PaaS 4.4.0 through 4.4.8,...
CVE-2025-61886
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability CWE-79 vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 through 5.0.4 may allow an attacker to perform an XSS attack via crafted HTTP requests...
Windows Snipping Tool Remote Code Execution Vulnerability
Improper neutralization of special elements used in a command 'command injection' in Windows Snipping Tool allows an unauthorized attacker to execute code locally...
SQL Server Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command 'sql injection' in SQL Server allows an authorized attacker to elevate privileges locally...
Microsoft Power Apps Desktop Client Spoofing Vulnerability
Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to perform spoofing over a network...
.NET Spoofing Vulnerability
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
PT-2026-32839
Name of the Vulnerable Software and Affected Versions .NET versions 8.0.0 through 8.0.25 .NET versions 9.0.0 through 9.0.14 .NET versions 10.0.0 through 10.0.5 Description Improper neutralization of special elements in System.Net.Mail allows an unauthorized attacker to perform a spoofing attack...
PT-2026-32687
Name of the Vulnerable Software and Affected Versions FortiSandbox versions 4.4.0 through 4.4.8 Description An OS command injection flaw exists in the JRPC API due to improper neutralization of the pipe symbol | when processing the jid parameter. This allows an unauthenticated remote attacker to...
PT-2026-32720
Name of the Vulnerable Software and Affected Versions Microsoft Office SharePoint affected versions not specified Description Improper neutralization of input during web page generation leads to cross-site scripting, which allows an authorized attacker to perform spoofing over a network...
PT-2026-32835
Name of the Vulnerable Software and Affected Versions SQL Server affected versions not specified Description Improper neutralization of special elements used in an sql command SQL injection allows an authorized attacker to elevate privileges locally. SQL injection is a technique where an attacker...
CVE-2026-32178
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network...
PT-2026-32841
Name of the Vulnerable Software and Affected Versions Windows Snipping Tool affected versions not specified Description Improper neutralization of special elements used in a command allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. Recommendatio...
EUVD-2026-21988
Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via Network Report. This issue affects Pandora FMS: from 777 through 800...
EUVD-2026-21994
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...
EUVD-2026-21996
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...
CVE-2026-30813
CVE-2026-30813 describes an SQL Injection vulnerability in Pandora FMS versions 777 through 800, caused by improper neutralization of special elements in SQL commands used during the module search. The affected component is the module search functionality; root cause is inadequate input handling ...
CVE-2026-30812 Stored Cross-Site Scripting in Event Comments via Filter Bypass
Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...
PT-2026-32387
Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800...