4coders-commons (>=0.0.1 <=0.0.2), @11ty/eleventy (=0.3.3) +3647 more potentially affected by CVE-2026-33940 via handlebars (>=4.0.0 <=4.7.8)

handlebars NPM version =4.0.0, =0.0.1, =0.1.0, =0.1.0, =0.0.11, =0.0.52, =0.1.0, =0.0.72, =0.1.0, =1.1.1, =0.0.0-3b548b7bf6ff6554f724240da3a11be924237e6c, =1.16.0, =1.16.0, =1.16.0, =2.4.4 and more Source cves: CVE-2026-33940 Source advisory: OSV:GHSA-XHPV-HC6G-R9C6...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

💥 BUG Stored xss via signup page 💥 VERSION TESTED latest version as of 4/7/21 💥 IMPACT xss allow to execute arbitary javascript in vicitm account 💥 STEP TO REPRODUCE 1. goto http://localhost/online-rental/app/admin/pageSettings.php and click on Sign Up tab . Here allow signup.\ now put bellow xss...

Train speech for kids 4-7 Free - Dynamic Code Loading, External URLs, SD-card access vulnerabilities

HackApp vulnerability scanner discovered that application Train speech for kids 4-7 Free published at the 'play' market has multiple vulnerabilities...

Unfixed XSS vulnerability at www.2-4-7-music.com

Security researcher cyber, has submitted on 10/04/2007 a cross-site-scripting XSS vulnerability affecting www.2-4-7-music.com, which at the time of submission ranked 1039811 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/04/2007. It is...