Lucene search

12939 matches found

GithubExploit
added 2026/04/09 11:18 a.m. | 81 views

Exploit for CVE-2020-12446

CVE-2020-12446 - You can check WriteUphtt...

CVSS 7.8 | AI score 7.1 | EPSS 0.00125
Exploits: 1
RedHat Linux
added 2026/04/09 7:52 a.m. | 3 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.37 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00045
Exploits: 1 | References: 3
EUVD
added 2026/04/08 7:15 p.m. | 1 view

EUVD-2026-20484

CI4MS has stored XSS via Unescaped Blacklist Note in Admin User List...

CVSS 4.8 | AI score 5.9 | EPSS 0.00014
Exploits: 1 | References: 3
RedHat Linux
added 2026/04/08 5:43 p.m. | 4 views

Important: Red Hat Security Advisory: RHACS 4.9.5 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVSS 9.6 | AI score 7.2 | EPSS 0.00084
Exploits: 9 | References: 13
RedHat Linux
added 2026/04/08 4:37 p.m. | 5 views

Important: Red Hat Security Advisory: RHACS 4.8.10 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVSS 9.6 | AI score 7.2 | EPSS 0.00085
Exploits: 10 | References: 14
Github Security Blog
added 2026/04/08 3:3 p.m. | 3 views

SiYuan: Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

Summary: A malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer ru...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/08 2:30 p.m. | 3 views

CVE-2026-39391 CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into a...

CVSS 4.8 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 1
CVE
added 2026/04/08 2:30 p.m. | 3 views

CVE-2026-39391

CVE-2026-39391 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Before 0.31.4.0, the blacklist (ban) note parameter stored in the database was rendered into an HTML data-note attribute without escaping, enabling a stored XSS when an admin with blacklist privileges views the user management page...

CVSS 4.8 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 1 | Affected Software: 1
Atlassian
added 2026/04/08 4:29 a.m. | 16 views

DoS (Denial of Service) valibot Dependency in Confluence Data Center

This High severity DoS (Denial of Service) vulnerability was introduced in versions 9.1.1, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This DoS (Denial of Service) vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5 | AI score 5.7 | EPSS 0.00108
Exploits: 0
Positive Technologies
added 2026/04/08 12:0 a.m. | 0 views

PT-2026-31318

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajax blackList post is stored in the database without sanitization and rendered into...

CVSS 4.8 | AI score 6 | EPSS 0.00014
Exploits: 1 | References: 2
CVE
added 2026/04/07 9:34 p.m. | 3 views

CVE-2026-39846

CVE-2026-39846 – SiYuan Electron desktop client is affected prior to 3.6.4. A crafted note with table caption content that is stored without safe escaping can be unescaped in rendered HTML, creating a stored XSS sink. Since the desktop renderer runs with nodeIntegration enabled and contextIsolati...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits: 1 | References: 1 | Affected Software: 1
Vulnrichment
added 2026/04/07 9:34 p.m. | 1 view

CVE-2026-39846 SiYuan affected by Remote Code Execution in the Electron desktop client via stored XSS in synced table captions

SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML,...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits: 1 | References: 1
Snyk
added 2026/04/07 9:31 a.m. | 1 view

Directory Traversal

Overview: org.apache.activemq:activemq-client is a high performance Apache 2.0 licensed Message Broker and JMS 1.1 implementation. Affected versions of this package are vulnerable to Directory Traversal via improper validation of classpath path names in the key parameter during the creation of a...

CVSS 5.3 | AI score 6.3 | EPSS 0.00077
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/07 5:12 a.m. | 2 views

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 4.5 | AI score 6.2 | EPSS 0.00024
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/07 12:0 a.m. | 1 view

PT-2026-31031

Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.6.4. Description: SiYuan, a personal knowledge management system, is susceptible to remote code execution in the Electron desktop client prior to version 3.6.4. This occurs because table caption content is stored and...

CVSS 9 | AI score 6.5 | EPSS 0.00063
Exploits: 1 | References: 9
CNNVD
added 2026/04/07 12:0 a.m. | 2 views

ChurchCRM Security Vulnerability

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a stored cross-site scripting vulnerability in the note editor. This could allow authenticated users with note-addin...

CVSS 8.7 | AI score 6 | EPSS 0.00038
Exploits: 1 | References: 1
RedhatCVE
added 2026/04/06 5:0 p.m. | 0 views

CVE-2026-5568

A vulnerability has been found in Akaunting up to 3.1.21. This issue affects some unknown processing of the component Invoice/Billing. The manipulation of the argument notes leads to cross-site scripting. The attack can be carried out remotely. The exploit has been disclosed to the...

CVSS 5.1 | AI score 4.1 | EPSS 0.00011
Exploits: 0 | References: 1
EUVD
added 2026/04/06 3:31 p.m. | 1 view

EUVD-2026-19255

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 4.5 | AI score 6.2 | EPSS 0.00024
Exploits: 1 | References: 2
NVD
added 2026/04/06 3:17 p.m. | 0 views

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

CVSS 4.5 | EPSS 0.00024
Exploits: 1 | References: 1
Cvelist
added 2026/04/06 12:0 a.m. | 22 views

CVE-2026-31060

UTT Aggressive HiPER 810G v3v1.7.7-171114 was discovered to contain a buffer overflow in the notes parameter of the formGroupConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input...

EPSS 0.00024
Exploits: 1 | References: 1