
15775 matches found

RedhatCVE
added 2026/02/19 7:28 a.m., 6 views

CVE-2026-1640

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

4.3 CVSS, 5.7 AI score, 0.00261 EPSS
Exploits 0, References 1

RedhatCVE
added 2026/02/19 1:28 a.m., 15 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 5.5 AI score, 0.00162 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/19 12:0 a.m., 3 views

PT-2026-20961

Name of the Vulnerable Software and Affected Versions Pi-hole versions 6.0 through 6.4.0 Description Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, contains a Stored HTML Injection issue in the active sessions table on...

5.4 CVSS, 5.9 AI score, 0.00294 EPSS
Exploits 1, References 8

Positive Technologies
added 2026/02/19 12:0 a.m., 6 views

PT-2026-20953

Name of the Vulnerable Software and Affected Versions Pi-hole versions 6.4 and below Description Pi-hole Admin Interface, a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application, is susceptible to stored HTML injection through the local DNS records...

5.4 CVSS, 5.9 AI score, 0.0024 EPSS
Exploits 0, References 8

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-20894

Name of the Vulnerable Software and Affected Versions GFI MailEssentials AI versions prior to 22.4 Description The software contains a stored cross-site scripting issue in the Sender Policy Framework IP Exceptions interface. A logged-in user can inject HTML or JavaScript code into the...

5.4 CVSS, 5.1 AI score, 0.00173 EPSS
Exploits 0, References 6

Positive Technologies
added 2026/02/19 12:0 a.m., 4 views

PT-2026-20873

When using in server-side rendering, the provided tag name is not validated or sanitized before being emitted into the HTML output. If the tag string contains unexpected characters, it can result in HTML injection in the SSR output. Client-side rendering is not affected...

5 CVSS, 5.5 AI score
Exploits 0, References 3

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-20881

Name of the Vulnerable Software and Affected Versions Svelte versions prior to 5.51.5 Description A flaw exists in Svelte where, during server-side rendering, the tag name provided to the component is not validated or sanitized before being included in the HTML output. This can lead to HTML...

5 CVSS, 5.3 AI score, 0.00189 EPSS
Exploits 0, References 4

Positive Technologies
added 2026/02/19 12:0 a.m., 5 views

PT-2026-21305

Name of the Vulnerable Software and Affected Versions Svelte versions 5.39.3 through 5.51.4 Description Svelte is susceptible to a flaw where, under specific conditions, the server-side rendering of an element fails to properly escape its content. This can lead to potential HTML injection within...

5.4 CVSS, 5.8 AI score, 0.00182 EPSS
Exploits 0, References 8

CNNVD
added 2026/02/19 12:0 a.m., 5 views

Pi-hole Web Interface security vulnerability

The Pi-hole Web Interface is an open-source dashboard web interface developed by Pi-hole. Versions of the Pi-hole Web Interface 6.0 and later contain security vulnerabilities. These vulnerabilities stem from a storage-type HTML injection vulnerability in the API settings page’s activity session...

5.4 CVSS, 6 AI score, 0.00294 EPSS
Exploits 1, References 3

Patchstack
added 2026/02/18 8:14 a.m., 5 views

WordPress Formidable Forms plugin <= 6.7 - HTML Injection vulnerability

HTML Injection vulnerability discovered by drop in WordPress Plugin Formidable Forms versions <= 6.7...

6.5 CVSS, 5.5 AI score, 0.00393 EPSS
Exploits 0, References 1, Affected Software 1

NVD
added 2026/02/18 7:16 a.m., 9 views

CVE-2026-1640

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

4.3 CVSS, 0.00261 EPSS
Exploits 0, References 3

Vulnrichment
added 2026/02/18 6:42 a.m., 3 views

CVE-2026-1640 Taskbuilder <= 5.0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Project/Task Comment Creation

The Taskbuilder – WordPress Project Management & Task Management plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.0.2. This is due to missing authorization checks on the project and task comment submission functions AJAX actions:...

4.3 CVSS, 5.7 AI score, 0.00261 EPSS
Exploits 0, References 3

CNNVD
added 2026/02/18 12:0 a.m., 4 views

WordPress plugin Taskbuilder – WordPress Project Management & Task Management security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3 CVSS, 5.9 AI score, 0.00261 EPSS
Exploits 0, References 3

OSV
added 2026/02/17 9:22 p.m., 4 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 5.8 AI score, 0.00162 EPSS
Exploits 0, References 1

NVD
added 2026/02/17 9:22 p.m., 4 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 0.00162 EPSS
Exploits 0, References 1

CVE
added 2026/02/17 8:13 p.m., 10 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection in the Security > Claims UI (CVE-2025-14289). A remote attacker could inject malicious HTML that executes in the victim’s browser within the hosting site’s security context. Root cause: improper neutralization of script-rel...

5.4 CVSS, 5.5 AI score, 0.00162 EPSS
Exploits 0, References 1, Affected Software 1

ATTACKERKB
added 2026/02/17 8:13 p.m., 2 views

CVE-2025-14289

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 5.5 AI score, 0.00162 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/02/17 8:13 p.m., 21 views

CVE-2025-14289 IBM webMethods Integration Server is vulnerable to HTML injection

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

5.4 CVSS, 0.00162 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/02/17 12:0 a.m., 3 views

PT-2026-20229

Name of the Vulnerable Software and Affected Versions IBM webMethods Integration Server version 12.0 Description The software is susceptible to HTML injection. A remote attacker could inject malicious HTML code that would be executed in the victim's web browser within the security context of the...

5.4 CVSS, 5.7 AI score, 0.00162 EPSS
Exploits 0, References 3

IBM Security Bulletins
added 2026/02/16 1:22 p.m., 5 views

Security Bulletin: IBM webMethods Integration Server is vulnerable to HTML injection

Summary IBM webMethods Integration Server is vulnerable to HTML injection in Security Claims UI. CVE-2025-14289. Vulnerability Details CVEID: CVE-2025-14289 DESCRIPTION: IBM webMethods Integration is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed...

5.4 CVSS, 5.6 AI score, 0.00162 EPSS
Exploits 0, Affected Software 1