Lucene search
K

8771 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.8 views

CVE-2026-39531

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.0...

9.3CVSS5.6AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:9 p.m.10 views

CVE-2026-35071

Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution...

8.2CVSS5.4AI score0.0046EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.12 views

EUVD-2026-34336

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References2
NVD
NVD
added 2026/06/04 11:17 p.m.14 views

CVE-2026-45497

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an authorized attacker to execute code over a network...

8.8CVSS0.00452EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 11:17 p.m.25 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00732EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 10:0 p.m.8 views

CVE-2026-47644

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00732EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/04 2:0 p.m.12 views

Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

7.5CVSS5.8AI score0.00732EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.17 views

PT-2026-46401

Name of the Vulnerable Software and Affected Versions Microsoft 365 Copilot Enterprise affected versions not specified Description A critical vulnerability chain known as SearchLeak allows an unauthorized attacker to exfiltrate sensitive corporate data, including email contents, MFA codes, calend...

7.5CVSS6.2AI score0.0764EPSS
Exploits0References56
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.6 views

Microsoft Copilot Chat (Microsoft Edge) 输入验证错误漏洞

Microsoft Copilot Chat is an intelligent dialogue assistant feature integrated into the browser by Microsoft Corporation. Microsoft Copilot Chat has a injection vulnerability, which stems from improper neutralization of special elements in the output of downstream components. This vulnerability...

7.5CVSS5.7AI score0.00732EPSS
Exploits0References1
NVD
NVD
added 2026/06/03 11:16 a.m.16 views

CVE-2025-14773

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24...

8CVSS0.00181EPSS
Exploits0References1
Veracode
Veracode
added 2026/06/03 9:56 a.m.11 views

Cross-Site Scripting (XSS)

drupal/googletag is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of user-supplied input during web page generation, which allows an attacker to inject and execute malicious scripts in a victim's browser through crafted input...

4.8CVSS5.5AI score0.00218EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/03 9:0 a.m.8 views

CVE-2025-15655

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...

7.6CVSS5.8AI score0.00231EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/03 8:24 a.m.10 views

Improper Output Neutralization for Logs

Overview org.webjars.npm:morgan is a HTTP request logger middleware for node.js. Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the :remote-user token, which extracts the Basic auth username from the Authorization header and writes it to the log...

6.9CVSS5.5AI score0.00246EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.9 views

PT-2026-45910

Name of the Vulnerable Software and Affected Versions Mojoomla School Management versions prior to 93.2.0 Description Improper neutralization of special elements used in an SQL command allows for SQL injection, a technique where malicious SQL statements are inserted into entry fields for executio...

7.6CVSS6AI score0.00231EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/02 10:43 a.m.10 views

EUVD-2026-33910

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ahmad WP Job Portal allows Reflected XSS. This issue affects WP Job Portal: from n/a through 2.5.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 9:40 a.m.11 views

EUVD-2025-210033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:40 a.m.11 views

CVE-2025-52759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

7.1CVSS5.8AI score0.00146EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 3:27 p.m.11 views

EUVD-2026-33691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

9.3CVSS5.8AI score0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 2:44 p.m.13 views

EUVD-2026-33653

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 2:44 p.m.11 views

CVE-2026-42683 WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in e4jvikwp VikBooking Hotel Booking Engine & PMS allows DOM-Based XSS. This issue affects VikBooking Hotel Booking Engine & PMS: from n/a through 1.8.8...

7.1CVSS5.8AI score0.00142EPSS
Exploits0References1
Rows per page
Query Builder