CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

EUVD-2026-16898

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

CVE-2026-4992

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

CVE-2026-4992 wandb OpenUI HTMLAnnotator server.py get_share HTML injection

A flaw has been found in wandb OpenUI up to 1.0. This affects the function createshare/getshare of the file backend/openui/server.py of the component HTMLAnnotator Component. Executing a manipulation of the argument ID can lead to HTML injection. The attack may be performed from remote. The explo...

CVE-2026-4992

WandB OpenUI vulnerability CVE-2026-4992 affects the HTMLAnnotator component, specifically the create_share/get_share function in backend/openui/server.py. The issue arises from manipulating the ID argument, enabling HTML injection. Exploitation is possible remotely and the exploit has been publi...

GHSA-46J8-VPX8-6P72 Home Assistant has stored XSS in history-graphs

Summary The "remaining charge time"-sensor for mobile phones imported/included from Android Auto it appears is vulnerable to the same issue as CVE-2025-62172. This also indicates that any sensor showing their name in the history-graph, is likely to be vulnerable to this issue. Details Another...

Security Bulletin: Multiple vulnerabilities have been addressed in IBM Aspera Shares

Summary Multiple vulnerabilities have been addressed in IBM Aspera Shares Version 1.11.1 Vulnerability Details CVEID:CVE-2025-13916 DESCRIPTION: IBM Aspera Shares uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information CWE:CWE-327: U...

BIT-DISCOURSE-2026-27166 Discourse vulnerable to HTML injection via prohibited iframe URLs

Discourse is an open source discussion platform. Prior to versions 2026.3.0, 2026.2.1 and 2026.1.2, insufficient cleanup in the default Codepen allowed iframes value allows an attacker to trick a user into changing the URL of the main page. This issue has been fixed in versions 2026.3.0, 2026.2.1...

PT-2026-28710

Name of the Vulnerable Software and Affected Versions wandb OpenUI versions up to 1.0 Description A flaw exists in wandb OpenUI, specifically within the HTMLAnnotator component. The issue resides in the create share/get share function located in the backend/openui/server.py file. Manipulation of...

OpenUI 代码注入漏洞

OpenUI is an open-source UI program developed byWeights & Biases. Versions of OpenUI 1.0 and earlier had a code injection vulnerability, which was caused by incorrect handling of parameter IDs, potentially leading to HTML injection...

CVE-2026-33664

Kestra 1.x (up to 1.3.3) is vulnerable to Stored Cross-Site Scripting in Markdown-based YAML flow metadata. The issue arises when user-supplied flow YAML fields—specifically description, inputs[].displayName, and inputs[].description—are rendered by Markdown.vue with html: true and then injected ...

CVE-2025-57543

Cross Site scripting vulnerability XSS in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

CVE-2026-32040

OpenClaw versions prior to 2026.2.23 contain an html injection vulnerability in the HTML session exporter that allows attackers to execute arbitrary javascript by injecting malicious mimeType values in image content blocks. Attackers can craft session entries with specially crafted mimeType...

CVE-2025-69237

Raytha CMS is vulnerable to Stored XSS via FieldValues0.Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page. This issue was fixed in versi...

CVE-2025-62320

HTML Injection can be carried out in Product when a web application does not properly check or clean user input before showing it on a webpage. Because of this, an attacker may insert unwanted HTML code into the page. When the browser loads the page, it may automatically interact with external...

CVE-2026-31833

Umbraco is an ASP.NET CMS. From 16.2.0 to before 16.5.1 and 17.2.2, An authenticated backoffice user with access to Settings can inject malicious HTML into property type descriptions. Due to an overly permissive attributeNameCheck configuration /.+/ in the UFM DOMPurify instance, event handler...

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

CVE-2026-33517

Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...