CVE-2026-45665
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order: specifically, DOMPurify is executed before the marked library. Th...
CVE-2026-45665 Open WebUI: Stored XSS in Banner Component via Improper Sanitization Order
PT-2026-41198
Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.8.0. Description: A Stored Cross-Site Scripting (XSS) issue exists in the Banner component due to an improper sanitization order where DOMPurify.sanitize is executed before marked.parse. This allows a malicious...
CVE-2026-22809
tarteaucitron.js has a ReDoS vulnerability in the handling of the issuu_id parameter, fixed in version 1.29.0. Prior to 1.29.0, insufficiently constrained regex could cause excessive backtracking and CPU consumption. Upgrading to 1.29.0 or applying the mitigation described in public advisories is...
Synology DiskStation Manager (DSM) RCE Vulnerability (Synology-SA-24:20) - Unreliable Remote Version Check
Synology DiskStation Manager (DSM) is prone to a remote code execution (RCE) vulnerability. This VT has been deprecated as a duplicate of the VT. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right...
EUVD-2018-2316
Malware in sbrugna...
EUVD-2015-4708
Malware in sbrugna...
PT-2025-41199
Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress versions prior to 11.13.3.0. Description: An administrative user can inject JavaScript or other content into the Annual Report Enterprise Banner image upload field. This injected content is executed when other users generate an...
QNAP QuTS Hero Multiple Vulnerabilities (QSA-25-36)
QNAP QuTS Hero is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/o:qnap:qutshero"; if(descriptio...
EUVD-2024-52119
Malicious code in bioql PyPI...
CVE-2025-31476
tarteaucitron.js is a compliant and accessible cookie banner. A vulnerability was identified in tarteaucitron.js, allowing a user with high privileges access to the site's source code or a CMS plugin to enter a URL containing an insecure scheme such as javascript:alert. Before the fix, URL...
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner vulnerability
WordPress Jeg Elementor Kit plugin <= 2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via JKit - Banner vulnerability discovered by wesley wcraft in WordPress Plugin Jeg Elementor Kit versions <= 2.6.4...
Cisco Nexus and MDS NX-OS Denial of Service Vulnerabilities
Cisco NX-OS is the operating system, developed by the US company Cisco, that runs on the Nexus 4000 and other Nexus series switches and on the MDS 9000 series Fibre Channel switches. A security vulnerability exists in the implementation...