
Source: Vulnrichment (added 2026/05/25 7:15 a.m.)

CVE-2026-9437 DTStack Taier REST API Runtime.exec os command injection

A vulnerability has been found in DTStack Taier 1.4.0. This affects the function Runtime.exec of the component REST API. The manipulation of the argument sqlText leads to os command injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may ...

CVSS 6.5 | AI score 6.2 | EPSS 0.01409 | Exploits: 0 | References: 4
Source: AstraLinux (added 2026/05/20 5:53 a.m.)

Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Staging: iio: frequency: ad9832: Fix for division by zero in ad9832calcfreqreg. In the ad9832writefrequency function, clkgetrate might return 0. This can lead to a division by zero when calling ad9832calcfreqreg. The check if fou...

CVSS 5.5 | AI score 6.2 | EPSS 0.00019 | Exploits: 0 | References: 2
Source: RedhatCVE (added 2026/05/12 8:21 p.m.)

CVE-2026-31246

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

CVSS 6.5 | AI score 6.5 | EPSS 0.00973 | Exploits: 0 | References: 1
Source: Github Security Blog (added 2026/05/11 6:31 p.m.)

GPT-Pilot contains a command injection vulnerability in the Executor.run() method

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

CVSS 6.5 | AI score 6.5 | EPSS 0.00973 | Exploits: 0 | References: 4 | Affected Software: 1
Source: NVD (added 2026/05/11 4:17 p.m.)

CVE-2026-31246

GPT-Pilot thru commit 0819827ce20346ef5f25b3fe29293cb448840565 2025-09-03 contains a command injection vulnerability CWE-78 in the Executor.run method. During project execution, when the system prompts the user to confirm or modify a command to be run, it accepts free-text input without proper...

CVSS 6.5 | EPSS 0.00973 | Exploits: 0 | References: 2
Source: Cvelist (added 2026/03/23 1:48 p.m.)

CVE-2019-25622 Paint Studio 2.17 Denial of Service via Malformed Input

Paint Studio 2.17 contains a denial of service vulnerability that allows local attackers to crash the application by providing malformed input through the key entry mechanism. Attackers can create a text file with a large buffer of characters and trigger the application to read it, causing the...

CVSS 6.9 | EPSS 0.00023 | Exploits: 1 | References: 4
Source: RedhatCVE (added 2026/02/20 1:26 p.m.)

CVE-2026-2735

Stored Cross-Site Scripting XSS in Alkacon's OpenCms v18.0, which occurs when user input is not properly validated when sending a POST request to ‘/blog/new-article/org.opencms.ugc.CmsUgcEditService.gwt’ using the ‘text’ parameter...

CVSS 5.4 | AI score 5.5 | EPSS 0.00039 | Exploits: 0 | References: 1
Source: CVE (added 2026/02/06 11:14 p.m.)

CVE-2020-37107

CVE-2020-37107 affects Core FTP LE 2.2. A denial-of-service arises by overwriting the account field with a large buffer; an attacker can craft a file with 20,000 repeated characters and paste it into the account field, causing the application to become unresponsive and require reinstallation. Pub...

CVSS 7.5 | AI score 5.3 | EPSS 0.00013 | Exploits: 0 | References: 4
Source: Positive Technologies (added 2026/02/05 12:00 a.m.)

PT-2026-6039

Name of the Vulnerable Software and Affected Versions Robin Image Optimizer – Unlimited Image Optimization & WebP Converter plugin for WordPress versions up to and including 2.0.2 Description The Robin Image Optimizer plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs...

CVSS 6.4 | AI score 5.7 | EPSS 0.00014 | Exploits: 0 | References: 7
Source: CVE (added 2026/02/04 4:12 p.m.)

CVE-2026-20119

CVE-2026-20119 affects Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software. A vulnerability in the text rendering subsystem due to insufficient input validation lets unauthenticated remote attackers cause a DoS by rendering crafted text (e.g., a meeting invitation), poten...

CVSS 7.5 | AI score 5.5 | EPSS 0.00114 | Exploits: 0 | References: 1
Source: Veracode (added 2026/02/04 6:25 a.m.)

Cross-site Scripting (XSS)

dotnetnuke.core is vulnerable to cross-site scripting XSS. The vulnerability is due to module titles supporting rich text input without proper script sanitization, which allows an attacker to inject and execute malicious scripts in certain scenarios...

CVSS 9.1 | AI score 5 | EPSS 0.00055 | Exploits: 0 | References: 4 | Affected Software: 1
Source: Cvelist (added 2026/01/23 4:47 p.m.)

CVE-2018-25116 MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVSS 6.1 | EPSS 0.00014 | Exploits: 1 | References: 3
Source: CNNVD (added 2026/01/23 12:00 a.m.)

Thread Redirect plugin for MyBB – Cross-site scripting vulnerabilities

The Thread Redirect plugin for MyBB is a plugin developed by Jamie Sage, an individual developer. The Thread Redirect plugin for MyBB version 0.2.1 has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of custom text input fields, which may lead to cross-site...

CVSS 6.1 | AI score 5.6 | EPSS 0.00014 | Exploits: 1 | References: 3
Source: NVD (added 2026/01/19 8:15 p.m.)

CVE-2026-23847

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the S...

CVSS 6.1 | EPSS 0.00065 | Exploits: 1 | References: 3
Source: Vulnrichment (added 2026/01/19 7:46 p.m.)

CVE-2026-23847 SiYuan Vulnerable to Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon

SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons type=8. The content query parameter is inserted directly into the S...

CVSS 5.3 | AI score 5 | EPSS 0.00065 | Exploits: 1 | References: 3
Source: NVD (added 2026/01/16 7:16 p.m.)

CVE-2021-47818

DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows ...

CVSS 7.5 | EPSS 0.00031 | Exploits: 0 | References: 3
Source: Cvelist (added 2026/01/16 3:05 p.m.)

CVE-2026-21624 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla

Lack of input filtering leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla...

CVSS 9.4 | EPSS 0.00016 | Exploits: 0 | References: 1
Source: EUVD (added 2026/01/14 4:52 p.m.)

EUVD-2026-2450

html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...

CVSS 8.7 | AI score 5.3 | EPSS 0.00058 | Exploits: 1 | References: 7
Source: Positive Technologies (added 2026/01/14 12:00 a.m.)

PT-2026-2926

Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...

CVSS 8.7 | AI score 6.5 | EPSS 0.00058 | Exploits: 1 | References: 14
Source: OSV (added 2025/12/03 6:48 p.m.)

DRUPAL-CONTRIB-2025-121

This module enables you to use the Tagify library to enhance text input fields with tag-style UI elements. The module does not sufficiently sanitize the infoLabel value under certain configurations, which can result in a cross-site scripting XSS vulnerability. This vulnerability is mitigated by t...

CVSS 5.4 | AI score 5.9 | EPSS 0.00054 | Exploits: 0 | References: 1