CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

CVE-2026-26378

Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features...

CVE-2026-26378

Affects Koha 25.11 and earlier. Cross-Site Scripting via the file upload function in Invoice features allows a remote attacker to execute arbitrary code. Root cause details are not provided beyond this description. No remediation or patch version is stated in the available documents.

KWHotel 安全漏洞

KWHotel is a hotel software for desktop, web and mobile devices from KWHotel, Inc. A security vulnerability exists in KWHotel version 0.47, which stems from a CSV formula injection in the Add Invoice feature...

PT-2024-17810 · WordPress · Sunshine Photo Cart

Name of the Vulnerable Software and Affected Versions: The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress versions up to, and including, 3.0.24 Description: The issue allows unauthenticated attackers to extract sensitive data, including customer email and physic...