8766 matches found
CVE-2026-9694
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...
CVE-2026-9694
GitLab CE/EE (all supported lines affected) had a vulnerability allowing an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply. Root cause: improper neutralization in email template processing. Remediation: patc...
PT-2026-48657
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue in email template processing allows an unauthenticated user to impersonate the GitLab Support...
PT-2026-48658
Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...
CVE-2026-45501
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2026-45481
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-42835
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
CVE-2026-25089
A improper neutralization of special elements used in an os command 'os command injection' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4 through 5.0.5, FortiSandbox PaaS 5.0.4 through 5.0.5 may...
CVE-2026-49069
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21...
EUVD-2026-35511
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-47638
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45479
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45468
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-45465
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
CVE-2026-42835
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
CVE-2026-41098
Improper neutralization of input during web page generation 'cross-site scripting' in Azure Stack Edge allows an authorized attacker to perform spoofing over a network...
CVE-2026-45465
CVE-2026-45465 : The vulnerability affects Microsoft Office SharePoint Server and is due to improper neutralization of input during web page generation, resulting in a cross-site scripting (XSS) issue. An authorized attacker can perform network-based spoofing. According to the provided descriptio...
CVE-2026-45462
The CVE-2026-45462 entry describes an XSS vulnerability in Microsoft Office SharePoint where improper neutralization of input during web page generation can enable spoofing over a network. According to the connected records, impact is limited to spoofing with Confidentiality/Integrity/Availabilit...
CVE-2026-47639
CVE-2026-47639 affects Microsoft Office SharePoint Server. The description identifies an Improper neutralization of input during web page generation (XSS) that enables an authorized attacker to perform spoofing over a network. Connected sources corroborate an XSS payload risk in SharePoint, leadi...
CVE-2026-45500
CVE-2026-45500: A cross-site scripting issue in Microsoft Exchange Server arises from improper neutralization of input during web page generation. This vulnerability could enable an unauthorized attacker to perform spoofing over the network. Documents identify Microsoft Exchange Server as affecte...