CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2026/06/16 9:4 a.m.•10 views

EUVD-2026-37057

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Liquid Web / StellarWP The Events Calendar allows Blind SQL Injection. This issue affects The Events Calendar: from 6.15.12 through 6.16.2...

9.3CVSS5.7AI score0.00236EPSS

Exploits1References1

EUVD•added 2026/06/11 12:28 p.m.•7 views

EUVD-2026-36238

Improper neutralization of special elements used in an expression language statement 'expression language injection' vulnerability in Soagen Informatics Technologies Software and Consulting Inc. Apinizer allows Code Injection. This issue affects Apinizer: from 2026.04.0 before 2026.04.6...

5.3CVSS5.5AI score0.0032EPSS

Exploits1References1

CNNVD•added 2026/06/11 12:0 a.m.•10 views

Soagen Apinizer 安全漏洞

Soagen Apinizer is an API management and API gateway platform developed by the Turkish company Soagen. Versions of Soagen Apinizer from 2026.04.0 to 2026.04.6 contained security vulnerabilities. These vulnerabilities were caused by improper handling of special elements in expressions language...

9.8CVSS5.4AI score0.0032EPSS

Exploits1References1

Snyk•added 2026/06/09 12:0 a.m.•6 views

Improper Neutralization of Special Elements in Data Query Logic

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the @Query regex parameter binding when a bound parameter is placed inside a regular expression literal using \Q...\E quoting e.g. @Query" name : /^\\Q?0\\E$/ "...

8.2CVSS5.3AI score0.00257EPSS

Redos•added 2026/06/08 12:0 a.m.•3 views

ROS-20260608-73-0024

The vulnerability of the .NET software platform is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to perform spear-phishing attacks...

7.5CVSS5.5AI score0.0111EPSS

Redos•added 2026/06/08 12:0 a.m.•6 views

ROS-20260608-73-0021

7.5CVSS5.5AI score0.0111EPSS

Redos•added 2026/06/08 12:0 a.m.•5 views

ROS-20260608-73-0020

7.5CVSS5.5AI score0.0111EPSS

EUVD•added 2026/06/05 12:31 a.m.•7 views

EUVD-2026-34336

Improper neutralization of special elements in output used by a downstream component 'injection' in Copilot Chat Microsoft Edge allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00503EPSS

EUVD•added 2026/06/05 12:31 a.m.•9 views

EUVD-2026-34334

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

6.5CVSS5.8AI score0.00503EPSS

CNNVD•added 2026/06/03 12:0 a.m.•4 views

WordPress plugin School Management SQL注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

7.6CVSS5.8AI score0.00231EPSS

EUVD•added 2026/06/01 3:27 p.m.•8 views

EUVD-2026-33691

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Wp Directory Kit WP Directory Kit allows Blind SQL Injection. This issue affects WP Directory Kit: from n/a through 1.5.1...

9.3CVSS5.8AI score0.00236EPSS

Redos•added 2026/05/24 12:0 a.m.•10 views

ROS-20260524-73-0037

Vulnerability in vim text editor is related to failure to take measures to neutralize special elements. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

8.2CVSS6.5AI score0.00417EPSS

Redos•added 2026/05/24 12:0 a.m.•10 views

ROS-20260524-73-0028

Vulnerability in vim related to failure to take measures to neutralize special elements used in operating system commands. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary commands...

7.3CVSS6.9AI score0.00734EPSS

NVD•added 2026/05/22 11:16 p.m.•9 views

CVE-2026-42827

Improper neutralization of special elements used in a command 'command injection' in M365 Copilot allows an unauthorized attacker to disclose information over a network...

7.5CVSS0.00671EPSS

EUVD•added 2026/05/22 10:3 p.m.•9 views

EUVD-2026-31512

Improper neutralization of special elements used in a command 'command injection' in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network...

9.3CVSS5.8AI score0.0056EPSS

ATTACKERKB•added 2026/05/20 6:20 p.m.•9 views

CVE-2026-9082

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Drupal Drupal core allows SQL Injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0...

6.5CVSS5.8AI score0.33665EPSS

Exploits12References2Affected Software1

EUVD•added 2026/05/20 6:20 p.m.•9 views

EUVD-2026-31153

6.5CVSS5.8AI score0.33665EPSS

Exploits12References1

EUVD•added 2026/05/12 6:30 p.m.•6 views

EUVD-2026-29714

Improper neutralization of special elements in output used by a downstream component 'injection' in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

5.4CVSS5.8AI score0.0024EPSS

EUVD•added 2026/05/12 6:30 p.m.•8 views

EUVD-2026-29580

Improper neutralization of special elements in output used by a downstream component 'injection' in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network...

8.2CVSS5.8AI score0.00498EPSS