6647 matches found
CVE-2026-41525
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
PT-2026-35677
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
EUVD-2026-26003
KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...
Pimcore has an authenticated Cross-site Scripting issue
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
EUVD-2026-25917
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
CVE-2026-5362
An authenticated attacker with permission to edit document content can store crafted HTML/JavaScript in a Document embed editable and cause script execution when the published page is rendered. This issue affects pimcore: v12.3.3...
EUVD-2026-25826
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...
Pimcore 跨站脚本漏洞
Pimcore is an open-source web content management platform developed by Pimcore GmbH in Austria. This platform integrates applications such as web content management, e-commerce frameworks, and product information management. Version 12.3.3 of Pimcore contains a cross-site scripting vulnerability...
PT-2026-35523
🚨 New zero-day in pimcore | Detected by our AI SAST scanner and disclosed by Oscar Naveda. As a CNA, we assigned the ID CVE-2026-5362. Details: 🔗 https://t.co/iZiXYRAAcM. We have announced 232 CVEs to this date: 🔗 https://t.co/fgMrQcycLm https://t.co/gFxbxDglVo...
CVE-2026-41360
OpenClaw
Execution with Unnecessary Privileges
Overview Affected versions of this package are vulnerable to Execution with Unnecessary Privileges through the runscript.py and runscript.rb script execution paths in the script runner components. An attacker can read sensitive credentials by running a script that prints the process environment,...
CVE-2026-3007 Stored Cross-Site Scripting (XSS) Vulnerability
Successful exploitation of the stored cross-site scripting XSS vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.2 contained security vulnerabilities. These vulnerabilities stemmed from a integrity approval vulnerability present in pnpm dlx. The vulnerability allowed local script operation...
Infinite loop
Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
CVE-2026-3837
An authenticated attacker can persist crafted values in multiple field types and trigger client-side script execution when another user opens the affected document in Desk. The vulnerable formatter implementations interpolate stored values into raw HTML attributes and element content without...
CVE-2018-25269
CVE-2018-25269 : ICEWARP 11.0.0.0 contains a cross-site scripting vulnerability allowing HTML injection into emails. Attackers can embed base64 payloads in object/embed tags and craft emails with data URIs that execute scripts when viewed, potentially compromising user sessions and leaking sensit...
CVE-2026-40451
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...
CVE-2026-40451
DeepL Chrome browser extension versions from v1.22.0 to v.1.23.0 contain a cross-site scripting vulnerability, which allows an attacker to execute arbitrary script in a user's browser, and inject malicious HTML into web pages viewed by the user...