
6 matches found

Positive Technologies
added 2026/06/11 12:0 a.m., 13 views

PT-2026-48690

Name of the Vulnerable Software and Affected Versions: @openzeppelin/wizard versions prior to 0.10.9. Description: The OpenZeppelin Contracts Wizard generates example test files for Hardhat (test/test.ts) and Foundry (test/.t.sol) that interpolate user-supplied strings opts.name and opts.uri into the te...

CVSS 8.8, AI score 6, EPSS 0.0004
Exploits 0, References 6
EUVD
added 2026/03/12 2:23 p.m., 4 views

EUVD-2026-11385

ha-mcp has XSS via Unescaped HTML in OAuth Consent Form...

CVSS 6.8, AI score 5.8, EPSS 0.00181
Exploits 0, References 2
Positive Technologies
added 2026/03/11 12:0 a.m., 4 views

PT-2026-24838

ha-mcp is a Home Assistant MCP Server. Prior to 7.0.0, the ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute...

CVSS 6.8, AI score 5.8, EPSS 0.00181
Exploits 0, References 4
Veracode
added 2025/12/13 6:52 a.m., 4 views

Cross-site Scripting (XSS)

Magento-lts is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...

CVSS 4.8, AI score 5.8, EPSS 0.00188
Exploits 1, References 4, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2014-2593

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.01746
Exploits 1, References 6
Veracode
added 2019/11/15 3:1 a.m., 19 views

Arbitrary Code Execution

symfony/symfony is vulnerable to arbitrary code execution. The vulnerability exists as the VarExporter does not properly escape strings, allowing strings with newlines to be executed...

CVSS 9.8, AI score 3.7, EPSS 0.03354
Exploits 0, References 7, Affected Software 1