56 matches found
CVE-2026-36214
osTicket versions from 1.10 up to 1.17.7 and from 1.18.0 up to 1.18.3 are vulnerable to a stored XSS due to a vulnerable Bootstrap Tooltip component and insufficient HTML sanitization, allowing remote attackers to execute arbitrary JavaScript in Agent or Admin sessions...
PT-2026-52195
Name of the Vulnerable Software and Affected Versions GitLab EE versions 16.4 through 18.11.5 GitLab EE versions 19.0 through 19.0.2 GitLab EE versions 19.1 through 19.1.0 Description Improper sanitization of user-supplied input allows an authenticated user with developer-role permissions to...
Cross-site Scripting (XSS)
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Scripting XSS through improper sanitization in the WebSocket messaging process. An attacker can execute arbitrary JavaScript in the browser session of...
CVE-2026-20081
Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attacker must have valid administrative credentials. These vulnerabilities are due to improper sanitization o...
Cross-site Scripting (XSS)
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the handling of URL sanitization helpers, HTML serialization, Markdown passthrough, and custom sanitization-policy edge cases. An attacker can execut...
PT-2026-31546
Name of the Vulnerable Software and Affected Versions GitLab EE versions 18.2 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 Description GitLab EE versions are susceptible to a flaw in customizable analytics dashboards. An authenticated user could potentially execute arbitrary...
WordPress plugin WPFAQBlock– FAQ & Accordion Plugin For Gutenberg 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-26871
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'naam' parameter in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfie option page function combined with insufficient input sanitization and output...
Lantronix EDS5000 安全漏洞
The Lantronix EDS5000 is a serial port device server developed by the American company Lantronix. The Lantronix EDS5000 version 2.1.0.0R3 contains a security vulnerability. This vulnerability stems from insufficient cleaning of input parameters on the SSH Client and SSH Server pages, which may...
USN-8077-1: Bleach vulnerabilities
It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly use this issue to construct a URI with a disallowed scheme that would bypass sanitization, leading to cross-site scripting. This issue only affected Ubuntu 18.04 LTS...
CVE-2026-1643
The MP-Ukagaka plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if...
CVE-2025-14657
The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postsettings' function in all versions up to, and including, 4.0.51. This makes it possible for...
CVE-2024-2845
The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 3.4.2 due to insufficient input...
CVE-2025-12368
The Sermon Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sermon-views shortcode in all versions up to, and including, 2.30.0. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticate...
PT-2025-48135
The Houzez theme for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.1.6 due to insufficient input sanitization and output escaping in the houzez property img upload and houzez property attachment upload functions. This makes it...
CVE-2025-12450
The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 7.5.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...
EUVD-2024-17244
Malicious code in bioql PyPI...
EUVD-2023-57958
Malicious code in bioql PyPI...
EUVD-2024-34031
Malicious code in bioql PyPI...
PT-2025-30551 · Iotgen · Iotgen
Name of the Vulnerable Software and Affected Versions: Apache IoT affected versions not specified Description: An authenticated remote attacker can execute arbitrary commands with root privileges on affected devices due to improper sanitizing of user input in the Main Web Interface. The vulnerabl...