11 matches found
Tiny Technologies TinyMCE Cross-Site Scripting Vulnerability
TinyMCE is a rich text editor developed by Tiny Technologies in the United States. Versions of TinyMCE prior to 5.11.1, 7.9.3, and 8.5.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from forged mce:protected annotations, which could lead to stored XSS attacks...
CVE-2026-41408
OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk space by downloading media files without triggering intended safety restrictions, causing availabilit...
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from allowing attackers to bypass subject cleanup and forge tags...
Incomplete Cleanup
Overview: Affected versions of this package are vulnerable to Incomplete Cleanup via the handleexit function: when interrupted by a SIGTERM signal, the program terminates immediately using os.exit1, bypassing cleanup code. Remediation: Upgrade codecarbon to version 2.8.4 or higher. Reference...
PhpSpreadsheet Code Issue Vulnerability
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet that stems from an attacker being able to bypass the cleanup program and carry out an XML external entity attack...
Mastodon Cross-Site Scripting Vulnerability
Mastodon is an open source social network server based on ActivityPub. A cross-site scripting vulnerability exists in Mastodon versions prior to 3.5.14, prior to 4.0.10, prior to 4.1.8, and prior to 4.2.0-rc2, which stems from the fact that under certain circumstances, an attacker can abuse the...
Mastodon Cross-Site Scripting Vulnerability
Mastodon is an open source social network server based on ActivityPub. Mastodon suffers from a cross-site scripting vulnerability. An attacker exploits this vulnerability to bypass HTML cleanup and include arbitrary HTML in oEmbed preview cards...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange, a German company. A cross-site scripting vulnerability exists in Open-Xchange OX App Suite versions 7.10.6 and below, which stems from the ability to bypass existing HTML file cleanup and filtering...
Ingress-nginx Security Vulnerability
Ingres is a database system developed at the University of California, Berkeley. Ingress-nginx has a security vulnerability that stems from the ability to bypass path cleanup using the logformat directive...
CKEditor Cross-Site Scripting Vulnerability
CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor 4 versions prior to 4.18.0, which stems from a vulnerability discovered in the core HTML processing module that affects all plugins used in CKEditor4 versions prior to 4.18.0. The...
CKEditor Cross-Site Scripting Vulnerability
CKEditor is a set of open source, web-based text editors. A cross-site scripting vulnerability exists in CKEditor, which allows attackers to bypass content cleanup to inject malformed HTML, which could lead to the execution of JavaScript code. No detailed vulnerability details are currently...