69 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in python-django

An issue was discovered in Django 5.0 before 5.0.8 and 4.2 before 4.2.15. The values() and values_list() methods on models with a JSONField are vulnerable to SQL injection when column aliases are used, due to a crafted JSON object key being passed as an argument...

CVSS 9.8, AI score 6.9, EPSS 0.00328
Exploits 0, References 2
NVD
added 2026/05/15 9:16 a.m., 6 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

CVSS 6.4, EPSS 0.0004
Exploits 0, References 6
Vulnrichment
added 2026/05/15 7:46 a.m., 4 views

CVE-2026-6415 Advanced Custom Fields: Font Awesome Field <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via JSON Field

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

CVSS 6.4, AI score 6, EPSS 0.0004
Exploits 0, References 6
Cvelist
added 2026/05/15 7:46 a.m., 33 views

CVE-2026-6415 Advanced Custom Fields: Font Awesome Field <= 5.0.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via JSON Field

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

CVSS 6.4, EPSS 0.0004
Exploits 0, References 6
OSV
added 2026/05/05 7:07 p.m., 2 views

GHSA-GHCV-22JF-VFXM AVideo has an Incomplete Fix for YPTSocket autoEvalCodeOnHTML Strip: Unauthenticated Cross-User JavaScript Execution via `$msg['json']` Relay Bypass

Summary: The server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink (prior advisory GHSA-gph2-j4c9-vhhr, commit c08694bf6) only strips the payload when it sits under $json['msg'], but the relay function msgToResourceId selects the outbound message from $msg['json'] before $msg['msg']. An...

CVSS 7.2, AI score 6, EPSS 0.00023
Exploits 0, References 5
Positive Technologies
added 2026/05/05 12:00 a.m., 3 views

PT-2026-37290

Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions prior to 29.1. Description: An unauthenticated attacker can execute arbitrary JavaScript in the browser session of any logged-in user. The issue stems from an incomplete server-side mitigation for an eval sink. While the...

CVSS 7.2, AI score 6, EPSS 0.00023
Exploits 0, References 7
Snyk
added 2026/02/05 8:51 p.m., 2 views

SQL Injection

Overview: @payloadcms/db-d1-sqlite is the officially supported D1 SQLite database adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accoun...

CVSS 9.8, AI score 5.8, EPSS 0.00039
Exploits 0, References 2
Snyk
added 2026/02/05 8:51 p.m., 1 view

SQL Injection

Overview: @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...

CVSS 9.8, AI score 5.8, EPSS 0.00039
Exploits 0, References 2
Snyk
added 2026/02/05 8:51 p.m., 1 view

SQL Injection

Overview: @payloadcms/drizzle is a library of shared functions used by different payload database adapters. Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user...

CVSS 9.8, AI score 5.8, EPSS 0.00039
Exploits 0, References 2
Github Security Blog
added 2026/02/05 8:51 p.m., 11 views

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

Impact: When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. Users...

CVSS 9.8, AI score 5.8, EPSS 0.00039
Exploits 0, References 3, Affected Software 1
Debian
added 2026/01/28 9:46 p.m., 7 views

[SECURITY] [DLA 4458-1] python-django security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4458-1 [email protected] https://www.debian.org/lts/security/ Chris Lamb January 28, 2026 https://wiki.debian.org/LTS -...

CVSS 9.8, AI score 6.4, EPSS 0.06838
Exploits 1
Tenable Nessus
added 2026/01/28 12:00 a.m., 5 views

Debian dla-4458 : python-django-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4458 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4458-1 [email protected]...

CVSS 9.8, AI score 6.8, EPSS 0.06838
Exploits 1, References 18
OSV
added 2025/10/30 12:31 a.m., 1 view

GHSA-M3F2-XJGC-2WP2 Drupal JSON Field is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...

CVSS 6.1, AI score 5.8, EPSS 0.00027
Exploits 0, References 2
Github Security Blog
added 2025/10/30 12:31 a.m., 4 views

Drupal JSON Field is vulnerable to XSS

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...

CVSS 6.1, AI score 5.9, EPSS 0.00027
Exploits 0, References 3, Affected Software 1
EUVD
added 2025/10/30 12:31 a.m., 1 view

EUVD-2025-36880

Drupal JSON Field is vulnerable to XSS...

CVSS 6.1, AI score 5.9, EPSS 0.00027
Exploits 0, References 2
OSV
added 2025/10/30 12:15 a.m., 0 views

CVE-2025-10926

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...

CVSS 6.1, AI score 5.8, EPSS 0.00027
Exploits 0, References 1
CNNVD
added 2025/10/30 12:00 a.m., 3 views

Drupal JSON Field security vulnerability

Drupal JSON Field is a JSON data presentation plugin for the Drupal community. A security vulnerability exists in Drupal JSON Field versions prior to 1.5, which stems from improper input neutralization during page generation and could lead to a cross-site scripting attack...

CVSS 6.1, AI score 5.9, EPSS 0.00027
Exploits 0, References 2
Cvelist
added 2025/10/29 11:12 p.m., 6 views

CVE-2025-10926 JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...

EPSS 0.00027
Exploits 0, References 1
Vulnrichment
added 2025/10/29 11:12 p.m., 1 view

CVE-2025-10926 JSON Field - Critical - Cross Site Scripting - SA-CONTRIB-2025-106

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal JSON Field allows Cross-Site Scripting (XSS). This issue affects JSON Field: from 0.0.0 before 1.5...

AI score 5.5, EPSS 0.00027
Exploits 0, References 1
CVE
added 2025/10/29 11:12 p.m., 4 views

CVE-2025-10926

CVE-2025-10926 affects the Drupal JSON Field module (before 1.5). The vulnerability arises from improper input neutralization during page generation, enabling Cross-Site Scripting (XSS). Affected: JSON Field module prior to 1.5. Impact: XSS risk on pages rendering JSON Field content. Remediation:...

CVSS 6.1, AI score 5.5, EPSS 0.00027
Exploits 0, References 1, Affected Software 1