41 matches found
SUSE CVE-2026-44742
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...
CVE-2026-30556
A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via...
EUVD-2020-29796
Malware in sbrugna...
EUVD-2009-3927
Malware in sbrugna...
EUVD-2022-33949
Malicious code in bioql PyPI...
EUVD-2025-26713
Malicious code in bioql PyPI...
EUVD-2024-3265
Malicious code in bioql PyPI...
EUVD-2024-46268
Malicious code in bioql PyPI...
PT-2025-27865 · WordPress · Easy Restaurant Menu Manager
Name of the Vulnerable Software and Affected Versions: Easy Restaurant Menu Manager plugin for WordPress versions up to and including 2.0.1 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the nsc eprm menu link shortcode. This...
PT-2025-24044 · WordPress · Paged Gallery
Name of the Vulnerable Software and Affected Versions: Paged Gallery plugin for WordPress versions up to and including 0.7 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the gallery shortcode. This allows authenticated attacke...
CVE-2019-14769
Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. This iss...
CVE-2019-8948
PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script injection via the user interface, aka PC-15163...
MRCMS Product Cross-Site Scripting Vulnerability
MRCMS is a content management system. A cross-site scripting vulnerability exists in MRCMS, which stems from insufficient filtering of operations on parameter names/paths, allowing an attacker to inject malicious scripts. The vulnerability can be exploited to inject malicious scripts, which will ...
Adobe Commerce Cross-Site Scripting Vulnerability (CNVD-2025-05701)
Adobe Commerce is a business- and brand-oriented digital commerce solution from the US company Adobe, a global leader in that market. A cross-site scripting vulnerability exists in Adobe Commerce, which can be exploited by an attacker to inject malicious script into vulnerable form...
CVE-2024-51111
CVE-2024-51111 is a Cross-Site Scripting (XSS) vulnerability affecting Pnetlab version 5.3.11. The issue enables injection of malicious scripts into web pages, which execute in the victim’s browser context. Public sources consistently describe XSS in Pnetlab 5.3.11 but do not provide concrete exp...
CVE-2024-12475
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inje...
Script Injection
Debezium is vulnerable to script injection. The vulnerability is due to improper sanitization of parameters, allowing attackers to perform a script injection attack that may result in unauthorized data exposure...
PT-2024-17520 · WordPress · Responsive Blocks
Name of the Vulnerable Software and Affected Versions: The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress versions up to, and including, 1.9.7 Description: The issue is related to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block due to...
CVE-2024-52336
A script injection vulnerability was identified in the Tuned package. The instance_create() D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with script_pre or script_post options that permit arbitrary...
PT-2024-39666 · WordPress · The Beaver Builder
Name of the Vulnerable Software and Affected Versions: The Beaver Builder – WordPress Page Builder plugin versions up to, and including, 2.8.4.2 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's Button widget, allowi...