88 matches found
CVE-2026-36748
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...
PT-2026-45954
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...
Spark Development Network Rock RMS security vulnerability
Spark Development Network Rock RMS is a relationship management system developed by Spark Development Network, aimed at churches and non-profit organizations. There were security vulnerabilities in the Spark Development Network Rock RMS version 16.13 and versions prior to 17.7.0. These...
EUVD-2026-34100
RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting XSS via Social Media links in user profile...
CVE-2026-36748
RockRMS vulnerability CVE-2026-36748 affects v16.13 and earlier of RockRMS up to v17.7.0, allowing Cross Site Scripting (XSS) via social media links in a user profile. The connected documents confirm the affected product version range and the XSS impact, but do not provide rooted technical detail...
CVE-2026-48172
creationtimestamp | type | source
---|---|---
2026-05-21 02:46:13+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmdfp7calj2e
2026-05-21 20:55:19+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/116614555970411904
2026-05-22 23:04:03+00:00 | seen | ...
OpenClaw code issue vulnerability
OpenClaw is an open-source AI assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.12 had code vulnerabilities. These vulnerabilities stemmed from server-side request forgery in the handling of media URLs by the QQBot. This could allow attackers to provide...
PT-2026-37012
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.12
Description: An issue exists in the QQBot reply media URL handling that allows server-side request forgery (SSRF), a flaw where a server is tricked into making requests to an unintended location. Attackers can...
CVE-2026-6123
creationtimestamp | type | source
---|---|---
2026-04-12 09:43:23+00:00 | seen | https://bsky.app/profile/postac001.bsky.social/post/3mjc2tb5aus22
2026-04-12 10:23:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjc52jcvgk2g
2026-04-12 11:15:38+00:00 | published-proof-of-concept | ...
CVE-2026-22742 Server-Side Request Forgery in BedrockProxyChatModel via Unvalidated Media URL Fetching
Spring AI's spring-ai-bedrock-converse contains a Server-Side Request Forgery SSRF vulnerability in BedrockProxyChatModel when processing multimodal messages that include user-supplied media URLs. Insufficient validation of those URLs allows an attacker to induce the server to issue HTTP requests...
CVE-2025-68037 WordPress Export Media URLs plugin <= 2.2 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Atlas Gondal Export Media URLs (export-media-urls) allows Reflected XSS. This issue affects Export Media URLs: from n/a through <= 2.2...
CVE-2026-1843
creationtimestamp | type | source
---|---|---
2026-02-14 09:00:32+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3mesnu4u5c72a
2026-02-14 09:00:32+00:00 | seen | https://infosec.exchange/users/offseq/statuses/116068163886097864
...
EUVD-2024-36744
Malicious code in bioql PyPI...
EUVD-2025-11769
Malicious code in bioql PyPI...
CVE-2025-8022
creationtimestamp | type | source
---|---|---
2025-07-23 07:09:53+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lumhmnmig72w
2025-07-24 05:10:24+00:00 | seen | https://bsky.app/profile/azu.bsky.social/post/3luorfvupsb2w
2025-08-21 06:00:47+00:00 | seen | ...
CVE-2024-37545
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nick Halsey Floating Social Media Links allows Stored XSS. This issue affects Floating Social Media Links: from n/a through 1.5.2...
CVE-2021-36696
Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting XSS vulnerability in social media links on a user profile due to lack of input validation...