CVE-2026-4336
The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode on post_content during rendering in the set_display_variables function View.FAQ.class.php, line...
CVE-2026-35515 @nestjs/core Improperly Neutralizes Special Elements in Output Used by a Downstream Component ('Injection')
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.18, SseStream.transform interpolates message.type and message.id directly into Server-Sent Events text protocol output without sanitizing newline characters \r, \n. Since the SSE protocol treats both \r and ...
CVE-2026-3108
Mattermost versions 11.2.x <= 11.2.2, 10.11.x <= 10.11.10, 11.4.x <= 11.4.0, 11.3.x <= 11.3.1 fail to sanitize user-controlled post content in the mmctl commands terminal output which allows attackers to manipulate administrator terminals via crafted messages containing ANSI and OSC escape sequences...
CVE-2026-1454
Affected product: WordPress plugin “Responsive Contact Form Builder & Lead Generation Plugin” (Lead Form Builder); vulnerable in all versions up to 2.0.1. Root cause: insufficient input sanitization in lfb_lead_sanitize() (omits certain field types from its whitelist) and an overly permissive wp_...
CVE-2025-15312
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...
CVE-2025-15312 Tanium addressed an improper output sanitization vulnerability in TanOS.
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...
EUVD-2025-206830
Tanium addressed an improper output sanitization vulnerability in Tanium Appliance...
CVE-2025-15312
The CVE-2025-15312 entry concerns an improper output sanitization vulnerability in Tanium Appliance (TanOS family as per CVE list). The NVD/Tanium records show a network-exposed issue (attack vector: NETWORK) with high privileges required, no user interaction, and a total impact on confidentialit...
PT-2026-6606
Name of the Vulnerable Software and Affected Versions Tanium Appliance affected versions not specified Description Tanium Appliance is affected by an improper output sanitization issue. This could potentially allow for unintended consequences due to unsanitized output. Recommendations At the...
CVE-2020-24592
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization...
CVE-2020-24693
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization...
PT-2025-50306
Name of the Vulnerable Software and Affected Versions HandL UTM Grabber / Tracker WordPress plugin versions prior to 2.8.1 Description The HandL UTM Grabber / Tracker WordPress plugin does not properly sanitize and escape a parameter before displaying it, resulting in a Reflected Cross-Site...
PT-2025-49803
Name of the Vulnerable Software and Affected Versions Custom Admin Menu WordPress plugin versions through 1.0.0 Description The plugin does not properly sanitise and escape a parameter before displaying it on a page, which can lead to a Reflected Cross-Site Scripting issue. This could potentially...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the upload, create, and rename features for files with HTML and SVG types, due to insufficient content-type validation and lack of output sanitization. An attacker can execute arbitrary scripts in the contex...
CVE-2025-63307
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting XSS. The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...
PT-2025-45330
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting XSS. The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization...
CVE-2025-34305 IPFire < v2.29 Stored XSS via Multiple Methods in cleanhtml()
IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...
EUVD-2019-7424
Malware in sbrugna...