1062 matches found
golang: html/template: errors returned from MarshalJSON methods may break template escaping
A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...
CVE-2026-28132
The CVE-2026-28132 issue affects the WordPress WooCommerce Photo Reviews plugin by Villatheme, specifically versions up to and including 1.4.4. The vulnerability is described as Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) that enables Code Injection. The availabl...
CVE-2026-28132 WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...
CVE-2026-28132 WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through = 1.4.4...
CVE-2026-2731
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
CVE-2026-2731
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
CVE-2026-2731
The CVE describes an unauthenticated remote code execution vulnerability in Dynamicweb 8 and 9 due to path traversal and content injection in JobRunnerBackground.aspx. Affected versions are Dynamicweb 8 (all) and Dynamicweb 9 before 9.19.7 and before 9.20.3. The issue enables unauthenticated atta...
CVE-2026-2731 Unauthenticated RCE in Dynamicweb 9 and Dynamicweb 8
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
PT-2026-20649
Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 all and 9 9.19.7 and 9.20.3 allows unauthenticated attackers to execute code via simple web requests...
DynamicWeb 安全漏洞
DynamicWeb is a full-stack digital experience platform developed by the American company DynamicWeb. Versions of DynamicWeb prior to 9.9.19.7 and 9.20.3 contained security vulnerabilities. These vulnerabilities were caused by path traversal and content injection in the JobRunnerBackground.aspx...
Linux Distros Unpatched Vulnerability : CVE-2025-14560
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...
CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
Vulnerabilities fixed in GitLab CE/EE
GitLab has fixed vulnerabilities in GitLab CE/EE Specifically for versions prior to 18.6.6, 18.7.4, and 18.8.4. The vulnerabilities include server-side request forgery, unauthorized access to internal network services, injection of malicious content, unauthorized actions via the GLQL API,...
CVE-2025-14560
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious conten...
CVE-2025-29867
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...
CVE-2025-29867
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...
CVE-2025-29867
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...
CVE-2025-29867
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...
EUVD-2025-206779
Access of Resource Using Incompatible Type 'Type Confusion' vulnerability in Hancom Inc. Hancom Office 2018, Hancom Inc. Hancom Office 2020, Hancom Inc. Hancom Office 2022, Hancom Inc. Hancom Office 2024 allows File Content Injection.This issue affects Hancom Office 2018: before 10.0.0.12681;...
CVE-2025-29867
CVE-2025-29867 describes a type confusion vulnerability in Hancom Office products (Office 2018, 2020, 2022, 2024) that permits file content injection. Affected versions are: Office 2018 before 10.0.0.12681; Office 2020 before 11.0.0.8916; Office 2022 before 12.0.0.4426; Office 2024 before 13.0.0....