CVE-2026-27847

Due to improper neutralization of special elements, SQL statements can be injected via the handshake of a TLS-SRP connection. This can be used to inject known credentials into the database that can be utilized to successfully complete the handshake and use the protected service. This issue affect...

CVE-2026-22568

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

CVE-2026-2969

A flaw has been found in datapizza-labs datapizza-ai 0.0.2. Affected is the function ChatPromptTemplate of the file datapizza-ai-core/datapizza/modules/prompt/prompt.py of the component Jinja2 Template Handler. This manipulation of the argument Prompt causes improper neutralization of special...

PT-2026-21795

Name of the Vulnerable Software and Affected Versions Dell Wyse Management Suite versions prior to 5.5 Description Dell Wyse Management Suite versions prior to 5.5 are susceptible to a Cross-site Scripting issue. A low privileged attacker with remote access could potentially exploit this, leading...

CVE-2026-22568

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

Improper Neutralization of Special Elements Used in a Template Engine

Overview datapizza-ai-core is a Core components for the datapizza-ai framework Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the ChatPromptTemplate function that utilises Jinja2 Template. An attacker can execute...

CVE-2025-69307

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core: from n/a through = 1.3.6...

CVE-2025-68880

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Reflected XSS.This issue affects Simple Archive Generator: from n/a through = 5.2...

CVE-2025-68031

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in faraz sms افزونه پیامک حرفه ای فراز اس ام اس farazsms allows Reflected XSS.This issue affects افزونه پیامک حرفه ای فراز اس ام اس: from n/a through = 2.7.3...

CVE-2025-68847

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through = 0.72...

CVE-2026-22357

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Spencer Haws Link Whisper Free link-whisper allows Reflected XSS.This issue affects Link Whisper Free: from n/a through = 0.9.2...

CVE-2026-26093

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-26093 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-2333

The CVE is for Owl opds 2.2.0.4, where the vulnerability arises from Improper Neutralization of Special Elements used in a Command (Command Injection). The affected component is Owl opds 2.2.0.4, and the issue is exploitable via a crafted network request. Metrics indicate a CRITICAL base score of...

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2026-2333 Improper Neutralization of Special Elements used in a Command ('Command Injection') in Owl opds

Improper Neutralization of Special Elements used in a Command 'Command Injection' in Owl opds 2.2.0.4 allows Command Injection via a crafted network request...

CVE-2025-69306

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in TeconceTheme Electio Core electio-core allows Blind SQL Injection.This issue affects Electio Core: from n/a through = 1.4...

CVE-2025-69296

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GhostPool Aardvark aardvark allows Reflected XSS.This issue affects Aardvark: from n/a through = 4.6.3...

CVE-2025-68847

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in itex iSape isape allows Reflected XSS.This issue affects iSape: from n/a through = 0.72...

CVE-2025-67984

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in calliko NPS computy nps-computy allows DOM-Based XSS.This issue affects NPS computy: from n/a through = 2.8.2...