124 matches found
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf
Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanisms. Although the library provides mechanisms to prevent expression injection, it fails to properly...
ROS-20260417-73-0045
Vulnerability in glpi is related to failure to take measures to neutralize special elements in the template creation mechanism. Exploitation of the vulnerability may allow an attacker to execute arbitrary code...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the web page generation process. An attacker can execute arbitrary scripts in the context of a user's browser by supplying crafted input that is not properly neutralized. Details Cross-site scripting or XSS i...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the web page generation process. An attacker can execute arbitrary scripts in the context of a user's browser by supplying crafted input that is not properly neutralized. Details Cross-site scripting or XSS i...
PT-2026-3968
Name of the Vulnerable Software and Affected Versions highwarden Super Interactive Maps versions through 2.3 Description The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Reflected Cross-site Scripting XSS. This allows an...
WordPress plugin Easy Appointments 安全漏洞
WordPress Easy Appointments plugin is a free WordPress appointment management plugin, mainly used to create and manage service appointment system, support multi-location, multi-service, multi-staff appointment function. A cross-site scripting vulnerability exists in the WordPress Easy Appointment...
Polska Akademia Dostępności CMS SQL注入漏洞
Polska Akademia Dostępności CMS is an accessible web content management system from Polska Akademia Dostępności, Poland. Polska Akademia Dostępności CMS suffers from an SQL injection vulnerability that stems from improperly neutralized inputs to the article locator function, which could lead to a...
The vulnerability of the DDSH CLI interface for Dell EMC Data Domain Operating Systems allows a perpetrator to execute arbitrary commands.
The vulnerability of the DDSH CLI interface for Dell EMC Data Domain Operating Systems is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow attackers to execute arbitrary commands...
The vulnerability of the GitK browser extension “gitk filename”, which allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the gitk browser extension exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability can allow attackers to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the PAN-OS operating system, related to the failure to take measures to neutralize special elements, allows a perpetrator to execute arbitrary commands.
The vulnerability of the PAN-OS operating system is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a perpetrator to execute arbitrary commands with root privileges...
The vulnerability of the operating environment for managing and maintaining the Dell Unity Operating Environment (DELL Unity Operating Environment) storage system lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to enhance their privileges and execute arbitrary commands.
The vulnerability of the Dell Unity Operating Environment’s operating system for storing and managing data involves the lack of measures taken to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability can allow a malicious actor to increase their...
The vulnerability of the Tenda AX12 Wi-Fi router’s microprogramming software lies in the lack of measures to neutralize the special elements used in the operating system’s command set. This allows a hacker to execute arbitrary commands.
The vulnerability of the microprogrammed Wi-Fi router Tenda AX12 relates to the lack of measures taken to neutralize special elements used in the operating system’s command processing when handling the list parameter. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” allows a perpetrator to execute arbitrary commands.
The vulnerability of the plugin “Export to Excel. Exporting product catalogs for 1C-Bitrix. Creating price lists” is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute...
The vulnerability of the “Mass Processing of Infobox Elements (Products)” plugin, which arises from failing to take measures to neutralize special elements, allows a violator to execute arbitrary commands.
The vulnerability of the “Massive Processing of Infoblock Elements Products” plugin is related to the failure to take measures to neutralize special elements used in the operating system’s commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the iTop web tool for managing IT services arises from the lack of measures to neutralize special elements, allowing attackers to execute arbitrary code.
The vulnerability of the iTop IT service management web tool is related to the lack of measures taken to neutralize special elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
The vulnerability in the web interface for controlling microprogrammed IP phones of the Cisco Small Business SPA500 series allows attackers to perform cross-site scripting attacks.
The vulnerability in the web interface for managing microprogrammed IP phones of the Cisco Small Business SPA500 series is related to the lack of measures taken to neutralize HTML tags. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
CVE-2024-50426
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Survey Maker survey-maker allows Stored XSS.This issue affects Survey Maker: from n/a through = 5.0.2...
The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system allows a perpetrator to execute arbitrary commands.
The vulnerability of the GUI component of the FortiSandbox threat detection and mitigation system exists because measures to neutralize its special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the operating environment for managing and maintaining the Dell Unity Operating Environment (DELL Unity OE) lies in the lack of measures taken to neutralize special elements used in the operating system’s command set. This allows attackers to enhance their privileges and execute arbitrary commands.
The vulnerability of the Dell Unity Operating Environment’s operating environment for data storage management and operation is related to the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability can allow attackers to enhance...
The vulnerability of the Dell Unity Operating Environment’s operating environment for managing and maintaining data storage allows attackers to gain access to, read, modify, and delete arbitrary files. This vulnerability arises from the lack of measures taken to neutralize special elements used in the operating system’s command set.
The vulnerability of the Dell Unity Operating Environment’s operating environment for data storage management and operation is related to the lack of measures taken to neutralize special elements used in the operating system. Exploiting this vulnerability can allow a malicious actor, acting...