1123419 matches found
Security Bulletin: IBM Transformation Advisor is affected by multiple vulnerabilities found in Node.js
Summary There are multiple vulnerabilities in Node.js used by IBM Transformation Advisor. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype...
Security Bulletin: IBM Application Modernization Accelerator is affected by multiple vulnerabilities found in Node.js
Summary There are multiple vulnerabilities in Node.js used by IBM Application Modernization Accelerator. Vulnerability Details CVEID:CVE-2026-41238 DESCRIPTION: DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a...
Security Bulletin: Due to use of core-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by cross-site scripting (XSS) issue.
Summary core-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2026-22610, CVE-2026-27970. Vulnerability Details CVEID:CVE-2026-22610 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages...
Security Bulletin: Due to use of compiler-18.2.14.tgz, IBM Sterling Connect:Direct Web Services is affected by Cross-Site Scripting (XSS).
Summary compiler-18.2.14.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-66412, CVE-2026-22610. Vulnerability Details CVEID:CVE-2025-66412 DESCRIPTION: Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other...
WordPress HollerBox plugin <= 2.3.10.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by she11f in WordPress Plugin HollerBox versions = 2.3.10.1...
CVE-2026-28116
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
CVE-2026-7299 CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
CVE-2026-7299
Appsmith CVE-2026-7299 affects the SQL query editor autocomplete renderer, where unsanitized database object names rendered into innerHTML enable persistent XSS by a developer with access. This can execute arbitrary JavaScript in other workspace members’ sessions when interacting with the same da...
EUVD-2026-33936
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
CVE-2026-7299 CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
CVE-2026-7299
Appsmith’s SQL query editor’s autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS by a malicious table or column names triggering arbitrary code execution in the sessions of other...
CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
CVE-2026-28116
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
CVE-2026-28116
CVE-2026-28116 affects the WordPress Progress Planner plugin up to version 1.9.0. The issue is a Stored XSS due to improper neutralization of input during web page generation. Under CVSS 3.1, the impact is Low for confidentiality, integrity, and availability, with a Network attack vector, Low att...
EUVD-2026-33929
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
CVE-2026-28116 WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Emilia Projects Progress Planner allows Stored XSS. This issue affects Progress Planner: from n/a through 1.9.0...
WordPress Progress Planner plugin <= 1.9.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hongdo in WordPress Plugin Progress Planner versions = 1.9.0...
WordPress WP Job Portal plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Baikuya in WordPress Plugin WP Job Portal versions = 2.5.2...
WordPress King Addons for Elementor plugin <= 51.1.62 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by thevietronin in WordPress Plugin King Addons for Elementor versions = 51.1.62...
CVE-2026-32250
CVE-2026-32250 affects NamelessMC (Minecraft server website software). The issue is a Reflected XSS in the id parameter of the endpoint “/index.php?route=/queries/user/”. User input is echoed into the HTML response without proper sanitization/output encoding, enabling an attacker to inject JavaSc...