24 matches found
CVE-2026-52725
Angular CVE-2026-52725 concerns an issue in the @angular/core dynamic component creation flow. The vulnerability allows bypassing script-execution restrictions by mounting a dynamic component directly onto a [removed] tag or namespaced script element when a user-controlled host/selector is suppli...
GHSA-692R-GRFM-V8X7 @angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)
An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...
CVE-2026-9264
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-9264
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-9264 Cross-Site Scripting in SketchUp Dynamic Components
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
EUVD-2026-31386
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-9264
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-9264 Cross-Site Scripting in SketchUp Dynamic Components
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2026-9264
CVE-2026-9264 affects SketchUp 2026 where the Dynamic Components feature fails to sanitize inputs in the component options window. The root cause is improper input sanitization, allowing a crafted SKP to run arbitrary system commands and read local files via an embedded Internet Explorer 11 brows...
PT-2026-42704
A cross-site scripting XSS vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...
EUVD-2024-43488
Malicious code in bioql PyPI...
CVE-2024-49625
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through = 1.0...
CVE-2024-49625
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through = 1.0...
CVE-2024-49625 WordPress SiteBuilder Dynamic Components plugin <= 1.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in sphoid SiteBuilder Dynamic Components sitebuilder-dynamic-components allows Object Injection.This issue affects SiteBuilder Dynamic Components: from n/a through = 1.0...
WordPress plugin SiteBuilder Dynamic Components 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A code issue vulnerability exists in WordPres...
PT-2024-33580 · Brandon Clark · Brandon Clark Sitebuilder Dynamic Components
Name of the Vulnerable Software and Affected Versions: Brandon Clark SiteBuilder Dynamic Components versions n/a through 1.0 Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in Brandon Clark SiteBuilder Dynamic Components. Recommendations: For...
WordPress SiteBuilder Dynamic Components Plugin <= 1.0 is vulnerable to PHP Object Injection
Software SiteBuilder Dynamic Components Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification PHP Object Injection CVE CVE-2024-49625 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID 7e4e11ce38e6 Credits Mika Required privilege...
WordPress sitebuilder-dynamic-components plugin injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sitebuilder-dynamic-components is a plugin for inserting dynamic content into static pages. An injection vulnerability exists in the...
CVE-2017-18604
The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request...