8743 matches found
PT-2026-23375
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup UberSlider PerpetuumMobile uberSlider perpetuummobile allows Reflected XSS.This issue affects UberSlider PerpetuumMobile: from n/a through = 2.3...
PT-2026-24344
Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.14.25 GitHub Enterprise Server versions prior to 3.15.20 GitHub Enterprise Server versions prior to 3.16.16 GitHub Enterprise Server versions prior to 3.17.13 GitHub Enterprise Server versions prior...
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview mcp-nmap-server is a MCP server for performing network scanning using NMAP Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the childprocess.exec function in the Nmap CLI Command...
AIDE Vulnerable to Improper Output Neutralization via Terminal Escape Sequences in Log and Report Output
AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...
PT-2026-22467
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip TimePictra allows Query System for Information.This issue affects TimePictra: from 11.0 through 11.3 SP2...
CVE-2025-11252
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Signum Technology Promotion and Training Inc. Windesk.Fm allows SQL Injection.This issue affects windesk.Fm: through 27022026. NOTE: The vendor was contacted early about this disclosure but did not...
EUVD-2025-208137
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection.This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosur...
CVE-2025-11251
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Dayneks Software Industry and Trade Inc. E-Commerce Platform allows SQL Injection. This issue affects E-Commerce Platform: through 27022026. NOTE: The vendor was contacted early about this disclosu...
CVE-2026-28083
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through = 3.20.5...
CVE-2026-21654
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows OS Command Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security o...
Improper Neutralization of Input Used for LLM Prompting
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Improper Neutralization of Input Used for LLM Prompting via the Guardrail node. An attacker can modify workflow input to circumvent intended restrictions by crafting specific input values. Workaround This...
EUVD-2025-208120
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS.This issue affects E-Commerce Product: through 10122025...
CVE-2025-14343 Reflected XSS in Dokuzsoft Technology's E-Commerce Product
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Dokuzsoft Technology Ltd. E-Commerce Product allows Reflected XSS. This issue affects E-Commerce Product: through 10122025...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2025-64999 Cross-site scripting in HTML logs of Synthetic Monitoring test services
Improper neutralization of input in Checkmk versions 2.4.0 before 2.4.0p22, and 2.3.0 before 2.3.0p43 allows an attacker that can manipulate a host's check output to inject malicious JavaScript into the Synthetic Monitoring HTML logs, which can then be accessed via a crafted phishing link...
CVE-2026-28136
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through = 6.9.12...
EUVD-2026-8649
Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...
EUVD-2026-8650
Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...