7 matches found
EUVD-2026-15453
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-3216
CVE-2026-3216 affects Drupal Canvas module prior to 1.1.1. The privilege-requiring SSRF arises when the hidden Drupal Canvas AI submodule is enabled (often via Drupal Recipes or deployment scripts) and improper sanitization of user-supplied data in messages JSON payloads is exploited. An attacker...
CVE-2026-2349 UI Icons - Critical - Cross-site Scripting - SA-CONTRIB-2026-010
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS). This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1...
CVE-2026-2349
CVE-2026-2349: Drupal UI Icons XSS due to improper input neutralization. Affected: UI Icons module (versions 0.0.0–1.0.1 and 1.1.0–1.1.1). Condition: vulnerability requires the UI Icons for CKEditor 5 submodule to be enabled. Root cause: insufficient sanitization of user input leading to reflecte...
Peppol-py Code Issue Vulnerability
Peppol-py is a Python library open-sourced by Iteras. A code issue vulnerability exists in Peppol-py versions prior to 1.1.1, which stems from a Saxon misconfiguration that could lead to an XXE attack...
PT-2023-4421 · Clamav +3
Name of the Vulnerable Software and Affected Versions: ClamAV versions prior to 1.1.1; ClamAV versions prior to 1.0.2; ClamAV versions prior to 0.103.9. Description: A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote...
PT-2019-7796
Name of the Vulnerable Software and Affected Versions: Elegant Themes Bloom plugin versions prior to 1.1.1. Description: The issue allows for privilege escalation. Recommendations: For versions prior to 1.1.1, update to version 1.1.1 or later to resolve the issue...