14 matches found
CVE-2026-42835
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
PT-2026-47878
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Teams for Android allows an authorized attacker to disclose information over a network...
CVE-2026-47644
Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...
CVE-2026-42838
Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-26164
Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...
PT-2026-40259
Name of the Vulnerable Software and Affected Versions Microsoft Edge Chromium-based affected versions not specified Description Improper neutralization of special elements in output used by a downstream component injection allows an unauthorized attacker to elevate privileges over a network...
Siemens RUGGEDCOM ROX II Improper Neutralization of Special Elements in Output Used By a Downstream Component (CVE-2024-56838)
Code injection can be achieved when the affected device is using VRF Virtual Routing and Forwarding. An attacker could leverage this scenario to execute arbitrary code as root user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...
Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2017-17512)
sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument. This plugin...
The vulnerability of microprogramming software in Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM) arises from improper elimination of special elements in output data, allowing attackers to trigger a service failure.
The vulnerability of Microprogramming Software under Intel Active Management Technology AMT and Intel Standard Manageability ISM is related to incorrect elimination of special elements in output data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the application management tools and Flatpak environments lies in the improper elimination of special elements at the output stage, which are used by subordinate components. This allows attackers to gain access to confidential data and compromise its integrity.
The vulnerability of the application management tools and Flatpak environments is related to improper elimination of special elements at the output stage, which are used by lower-level components. Exploiting this vulnerability can allow an attacker to gain access to confidential data and compromi...
The vulnerability of the DCH-compatible Thunderbolt driver relates to incorrect elimination of special elements in the output data, allowing attackers to increase their privileges.
The vulnerability of the DCH-compatible Thunderbolt driver is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability can allow an attacker to increase their privileges...
Software vulnerabilities related to application optimization in Intel Optimization for TensorFlow framework, caused by incorrect elimination of special elements in the output data, allow attackers to exploit these vulnerabilities to gain enhanced privileges.
The vulnerability of software for application optimization in Intel Optimization for TensorFlow framework is related to incorrect elimination of certain elements in the output data. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming software VPN routers lies in insufficient cleaning of special elements in the output data used by the incoming component. This allows a malicious actor to execute arbitrary commands.
The vulnerability of the web-based management interfaces for Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W microprogramming systems lies in insufficient cleaning of special elements in the output data used by the incoming component. Exploiting this vulnerability allows a remote...
The vulnerability of the Go programming language lies in the improper elimination of special elements in the output data, allowing attackers to set arbitrary environment variables in Windows.
The vulnerability of the Go programming language is related to incorrect elimination of special elements in the output data. Exploiting this vulnerability allows a malicious actor to remotely install arbitrary environments on Windows systems...