CVE-2021-47968 Podcast Generator 3.1 Persistent Cross-Site Scripting via long_description

Podcast Generator 3.1 is vulnerable to persistent cross-site scripting, allowing authenticated attackers to inject malicious scripts by submitting unfiltered JavaScript code in the longdescription parameter. Attackers can inject script tags through episode creation or editing requests to execute...

CVE-2026-44714

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

EUVD-2026-30571

The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj...

CVE-2026-39052

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...

CLSA-2026-1778845249 redis: Fix of 2 CVEs

CVE-2026-23631: fix use-after-free in readSyncBulkPayload when fullsync happens while a Lua script is timed out on the replica - CVE-2026-25243: fix invalid memory access in RESTORE on crafted zipmap, listpack and stream PEL payloads...

Exploit for CVE-2026-42897

CVE-2026-42897 - Exchange Health Checker Outbound Rewrite Rule...

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

CVE-2026-8539

A script injection flaw was found in the SanitizerAPI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496524586...

Exploit for CVE-2026-42945

nginx-rift-detect Behavioral detection script for CVE-2026-...

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

CVE-2026-24662

The CVE-2026-24662 entry describes a cross-site scripting vulnerability in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1, affecting rev2203.0 and earlier. When a file containing malicious contents is uploaded, an arbitrary script may execute in a user’s browser when an administrator v...

EUVD-2026-30504

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

CVE-2026-24662

Cross-site scripting vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If a file containing malicious contents is uploaded, an arbitrary script may be executed on a user's web browser when viewing the administration page showing the informati...

CVE-2026-31233

Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...

PT-2026-41276

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update preview JavaScript function...

Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution

Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win Vendor: https://rs.ltd/ Version: 2026.14 Tested on: Windows 10 / Windows 11 !/usr/bin/env python3 import...

CVE-2026-39052

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...

PT-2026-41304

Oinone Pamirs 7.0.0 contains a code execution vulnerability via ScriptRunner. The method ScriptRunner.runString expression, String type, Map context evaluates attacker-controlled script expressions through the underlying script engine without sandboxing or allowlist restrictions...

PT-2026-41391

Name of the Vulnerable Software and Affected Versions FrankenPHP versions 1.11.2 through 1.12.2 Description An unsafe Unicode handling flaw exists in the CGI path splitting process. The splitPos function in cgi.go incorrectly uses the golang.org/x/text/search library with search.IgnoreCase when...

Open WebUI 跨站脚本漏洞

Open WebUI is an open-source, scalable, feature-rich, and user-friendly self-hosted WebUI. Versions of Open WebUI prior to 0.6.5 had a cross-site scripting vulnerability. This vulnerability stemmed from HTML rendering views that allowed script injection and execution, potentially leading to...