
8743 matches found

Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-28058

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Taboola Taboola Pixel taboola-pixel allows Reflected XSS. This issue affects Taboola Pixel: from n/a through <= 1.1.4...

AI score: 5.8 | EPSS: 0.00146
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 1 views

PT-2026-27895

Name of the Vulnerable Software and Affected Versions: Jaroti versions prior to 1.4.8. Description: An issue exists in Jaroti that allows for Reflected Cross-Site Scripting (XSS). This occurs due to improper handling of user-supplied input during web page generation. The vulnerability allows an attack...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.0018
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 1 views

PT-2026-27925

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in King-Theme Lumise Product Designer lumise allows Blind SQL Injection. This issue affects Lumise Product Designer: from n/a through 2.0.9...

AI score: 5.9 | EPSS: 0.00283
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-27868

Name of the Vulnerable Software and Affected Versions: NooTheme Organici Library versions n/a through 2.1.2. Description: The software contains a flaw due to improper handling of input during the creation of web pages, leading to a 'cross-site scripting' issue. This allows for reflected cross-site...

CVSS: 7.1 | AI score: 5.8 | EPSS: 0.0018
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 4 views

PT-2026-28013

Name of the Vulnerable Software and Affected Versions: QuantumCloud ChatBot versions through 7.7.9. Description: A flaw exists in QuantumCloud ChatBot that allows for Blind SQL Injection due to improper neutralization of special elements used in an SQL command. This issue could potentially allow an...

CVSS: 9.3 | AI score: 5.9 | EPSS: 0.00283
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 1 views

PT-2026-27872

Name of the Vulnerable Software and Affected Versions: NooTheme Jobica Core versions through 1.4.1. Description: The software contains a flaw due to improper input handling during web page creation, which allows for Reflected Cross-Site Scripting (XSS). This means a malicious actor could inject script...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.0018
Exploits: 0 | References: 4
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-27985

Name of the Vulnerable Software and Affected Versions: G5Theme Darna Framework versions through 2.9. Description: The Darna Framework contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-Site Scripting (XSS) condition. This allows for the...

CVSS: 7.1 | AI score: 5.9 | EPSS: 0.00175
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 3 views

PT-2026-28057

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS. This issue affects OOPSpam Anti-Spam: from n/a through <= 1.2.62...

AI score: 5.8 | EPSS: 0.00142
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 4 views

PT-2026-28035

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Northern Beaches Websites WP Custom Admin Interface wp-custom-admin-interface allows DOM-Based XSS. This issue affects WP Custom Admin Interface: from n/a through <= 7.42...

AI score: 5.8 | EPSS: 0.00161
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/25 12:0 a.m., 1 views

PT-2026-28131

Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite - Monitor Component versions 9.1, 9.0, 8.11, and 8.10. Description: The software allows an unauthorized user to inject data into log messages because of insufficient sanitization of special characters when writing to...

CVSS: 4 | AI score: 5.8 | EPSS: 0.00135
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/25 12:0 a.m., 5 views

PT-2026-28030

Name of the Vulnerable Software and Affected Versions: Miraculous Core Plugin versions prior to 2.1.2. Description: The Miraculous Core Plugin contains a flaw due to improper neutralization of special elements within SQL commands, leading to a Blind SQL Injection condition. This allows for potential...

AI score: 5.8 | EPSS: 0.00253
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/25 12:0 a.m., 3 views

Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)

Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...

CVSS: 9.6 | AI score: 6.1 | EPSS: 0.00458
Exploits: 0 | References: 4
IBM Security Bulletins
added 2026/03/24 1:26 p.m., 11 views

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities related to Apache Tomcat.

Summary: IBM DevOps Release 7.0.0.6 addresses multiple vulnerabilities related to Apache Tomcat. Vulnerability Details: CVEID: CVE-2025-12383. DESCRIPTION: In Eclipse Jersey versions 2.45, 3.0.16, 3.1.9 a race condition can cause ignoring of critical SSL configurations - such as mutual authentication...

CVSS: 9.6 | AI score: 5.8 | EPSS: 0.73974
Exploits: 4 | Affected Software: 1
Positive Technologies
added 2026/03/23 12:0 a.m., 2 views

PT-2026-27201

Name of the Vulnerable Software and Affected Versions: Salesforce Marketing Cloud Engagement versions prior to January 30, 2026. Description: Improper neutralization of argument delimiters in a command, known as argument injection, allows for Web Services Protocol Manipulation. Recommendations: Updat...

CVSS: 9.4 | AI score: 5.8 | EPSS: 0.00413
Exploits: 0 | References: 3
Tenable Nessus
added 2026/03/23 12:0 a.m., 5 views

Siemens APE1808 Improper Neutralization of Script in Attributes in a Web Page (CVE-2025-4615)

An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. This plugin only works with Tenable.ot. Please visit...

CVSS: 7.2 | AI score: 5.9 | EPSS: 0.00721
Exploits: 2 | References: 2
Snyk
added 2026/03/21 10:35 a.m., 2 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview: vanna is a Generate SQL queries from natural language. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') via the exec function in the /src/vanna/legacy file. An attacker can execute arbitrar...

CVSS: 6.5 | AI score: 7 | EPSS: 0.00232
Exploits: 0 | References: 2
Cvelist
added 2026/03/20 4:21 p.m., 22 views

CVE-2025-62845 QuRouter

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

CVSS: 8.4 | EPSS: 0.00184
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/20 4:21 p.m., 4 views

CVE-2025-62845

An improper neutralization of escape, meta, or control sequences vulnerability has been reported to affect QHora. If a local attacker gains an administrator account, they can then exploit the vulnerability to cause unexpected behavior. We have already fixed the vulnerability in the following...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00184
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/03/20 12:31 p.m., 4 views

EUVD-2024-29030

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Vasilis Triantafyllou Special Box for Content allows DOM-Based XSS. This issue affects Special Box for Content: from n/a through 1...

CVSS: 5.9 | AI score: 5.8 | EPSS: 0.00199
Exploits: 0 | References: 2
EUVD
added 2026/03/19 9:30 p.m., 3 views

EUVD-2026-13206

Improper neutralization of special elements used in an os command 'os command injection' in Microsoft Bing Images allows an unauthorized attacker to execute code over a network...

CVSS: 9.8 | AI score: 6 | EPSS: 0.00565
Exploits: 0 | References: 2