PT-2026-5202

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.44 Description A flaw exists in Drupal Tagify that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially...

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

CVE-2026-24824

CVE-2026-24824 affects the YaCy yacy_search_server component, specifically the YaCyDefaultServlet.Java handlers under source/net/yacy/http/servlets. The issue is an improper neutralization of input during web page generation, i.e., an XSS vulnerability. CVSS metrics indicate a MEDIUM base score (...

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

EUVD-2026-4805

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

CVE-2026-24623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through = 1.0...

CVE-2025-52762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through = 1.0001...

CVE-2025-52746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through = 3.0.7...

CVE-2025-50005

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2025-67923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-68518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through 6.8.9...

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

CVE-2026-24584

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through = 1.0.0...

CVE-2026-24550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through = 1.2.15...

CVE-2025-2204

Technical details about CVE-2025-2204 are not publicly available in the provided documents. Monitor for updates.

CVE-2025-2204

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting XSS. This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but...

PT-2026-4435

Name of the Vulnerable Software and Affected Versions PenciDesign Penci Pay Writer versions through 1.5 Description The Penci Pay Writer software contains a flaw related to improper input handling during web page creation, which allows for Stored Cross-site Scripting XSS. This means that maliciou...

PT-2026-4446

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Devsbrain Flex QR Code Generator flex-qr-code-generator allows DOM-Based XSS.This issue affects Flex QR Code Generator: from n/a through = 1.2.8...

CVE-2025-67960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in purethemes WorkScout-Core workscout-core allows Reflected XSS.This issue affects WorkScout-Core: from n/a through = 1.7.06...

CVE-2025-67614

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in foreverpinetree TheNa thena allows Reflected XSS.This issue affects TheNa: from n/a through = 1.5.5...