CVE-2026-39107
A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...
PT-2026-46005
Name of the Vulnerable Software and Affected Versions: Kimi AI version 1.0. Description: A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...
CVE-2026-1609
A flaw was found in Keycloak. When the JSON Web Token (JWT) authorization grant preview feature is enabled and a user account is disabled, Keycloak fails to validate the user's disabled status during JWT authorization grant processing. A remote attacker with low privileges can exploit this improper...
CVE-2025-14559
A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a...
CVE-2023-43649
baserCMS is a website development framework. Prior to version 4.8.0, there is a cross site request forgery vulnerability in the content preview feature of baserCMS. Version 4.8.0 contains a patch for this issue...
CVE-2025-15172
A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...
GO-2025-4045 Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server
Mattermost Server vulnerable to Cross-site Scripting through file preview feature in github.com/mattermost/mattermost-server...
EUVD-2019-11388
Malware in sbrugna...
EUVD-2006-6489
Malware in sbrugna...
WordPress plugin Shortcodes Ultimate Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin ... A cross-site request...
CVE-2025-50183
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in script tags may be interpreted and executed as HTML in certain modes. Th...
CVE-2025-50183 OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in script tags may be interpreted and executed as HTML in certain modes. Th...
OpenList Frontend Cross-Site Scripting Vulnerability
OpenList Frontend is an OpenList Team open source application that protects open source projects from trust-based attacks. A cross-site scripting vulnerability exists in OpenList Frontend versions prior to 4.0.0-rc.4, which stems from a .py file in the file preview feature that may be interpreted...
OpenList (frontend) allows XSS Attacks in the built-in Markdown Viewer
XSS via .py file containing script tag interpreted as HTML. Summary: A vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in script tags may be interpreted and executed as HTML in certain modes. This leads to ...
CVE-2020-27666
Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature...
Google Web Designer Code Execution Vulnerability
Google Web Designer is a professional-grade HTML5 advertising and web content authoring tool from Google, supporting visual design and code editing. A code execution vulnerability exists in Google Web Designer, which stems from improperly resolved symbolic links in the Preview feature, and can be...
Google Web Designer Security Vulnerability
Google Web Designer is a professional-grade HTML5 advertising and web content authoring tool from Google, supporting visual design and code editing. A code execution vulnerability exists in Google Web Designer, which stems from improperly resolved symbolic links in the Preview feature, and can be...
FileVista Security Vulnerability
FileVista is a web file manager from GleamTech Individual Developers. A security vulnerability exists in FileVista version 9.2.0.0, which stems from incorrect access control in the Preview feature and allows remote attackers to bypass authentication by removing the authentication header and acces...
Jupyterlab Python Library < 3.6.8 / 4.0 < 4.2.5 (CVE-2024-43805)
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. This vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature. A malicious user c...