
16 matches found

Vulnrichment · added 2026/06/15 6:0 a.m. · 7 views

CVE-2026-9278 Form Builder CP < 1.2.47 - Editor+ Stored XSS via form_structure

The Form Builder CP WordPress plugin before 1.2.47 does not properly sanitize a form configuration value before storing it and using it as part of a client-side script execution, allowing authenticated users with Editor-level access and above to perform Stored Cross-Site Scripting attacks against...

AI score 5.2 · EPSS 0.00159
Exploits 0 · References 1
Github Security Blog · added 2026/04/21 3:18 p.m. · 8 views

Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Summary: The Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...

CVSS 6.3 · AI score 5.8 · EPSS 0.00212
Exploits 1 · References 5 · Affected Software 1
OSV · added 2026/04/21 3:18 p.m. · 4 views

GHSA-GRP3-H8M8-45P7 Glances has CQL Injection in its Cassandra Export Module via Unsanitized Config Values

Summary: The Cassandra export module glances/exports/glancescassandra/init.py interpolates keyspace, table, and replicationfactor configuration values directly into CQL statements without validation. A user with write access to glances.conf can redirect all monitoring data to an attacker-controlle...

CVSS 6.3 · AI score 5.8 · EPSS 0.00212
Exploits 1 · References 5
CVE · added 2026/04/20 11:20 p.m. · 13 views

CVE-2026-35588

Glances 4.5.4 fixes a CQL injection in the Cassandra export module. Before 4.5.4, glances_cassandra/init.py interpolates keyspace, table, and replication_factor into CQL without validation, allowing a user with write access to glances.conf to redirect all monitoring data to an attacker-controlle...

CVSS 6.3 · AI score 5.8 · EPSS 0.00212
Exploits 1 · References 3 · Affected Software 1
CVE · added 2026/04/17 8:25 p.m. · 10 views

CVE-2026-23500

Dolibarr Dolibarr ERP/CRM prior to 23.0.0 is vulnerable to OS Command Injection via MAIN_ODT_AS_PDF in odf.php. An authenticated administrator can inject arbitrary commands by injecting into the MAIN_ODT_AS_PDF configuration constant, using command separators to execute as the web server user whe...

CVSS 9.4 · AI score 6.5 · EPSS 0.00922
Exploits 3 · References 2 · Affected Software 1
Veracode · added 2026/02/13 3:54 p.m. · 7 views

Cross-site Scripting (XSS)

SCEditor is vulnerable to Cross-site Scripting XSS. The vulnerability is due to lack of sanitization of user-controlled configuration options passed to sceditor.create, which allows an attacker to inject malicious scripts and execute arbitrary JavaScript in the application context...

CVSS 5.4 · AI score 5.8 · EPSS 0.00216
Exploits 1 · References 3 · Affected Software 1
CVE · added 2026/02/09 7:55 p.m. · 18 views

CVE-2026-25498

Craft CMS versions 4.0.0-RC1 through 4.16.17 and 5.0.0-RC1 through 5.8.21 contain a Remote Code Execution (RCE) flaw in assembleLayoutFromPost() where user-supplied configuration data is not sanitized before passing to Craft::createObject(). This allows authenticated administrators to inject mali...

CVSS 8.6 · AI score 6.2 · EPSS 0.0097
Exploits 1 · References 3 · Affected Software 1
Positive Technologies · added 2026/02/09 12:0 a.m. · 7 views

PT-2026-7148

Name of the Vulnerable Software and Affected Versions: Craft CMS versions 4.0.0-RC1 through 4.16.17; Craft CMS versions 5.0.0-RC1 through 5.8.21. Description: A Remote Code Execution (RCE) vulnerability exists in Craft CMS where the assembleLayoutFromPost function in src/services/Fields.php does not...

CVSS 8.6 · AI score 8.2 · EPSS 0.0097
Exploits 1 · References 12
EUVD · added 2026/02/06 7:16 p.m. · 6 views

EUVD-2026-5586

Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream...

CVSS 9.1 · AI score 5.5 · EPSS 0.02874
Exploits 8 · References 2
Packet Storm · added 2026/01/29 12:0 a.m. · 212 views

LibreChat MCP 0.8.2-rc2 Remote Code Execution

Proof of concept exploit for a remote code execution vulnerability in LibreChat MCP version 0.8.2-rc2 that leverages an unsanitized stdio server configuration issue...

CVSS 9.9 · AI score 6.5 · EPSS 0.03678
Exploits 4
RedhatCVE · added 2025/10/11 12:20 a.m. · 12 views

CVE-2025-60869

Publii CMS v0.46.5 build 17089 allows persistent Cross-Site Scripting (XSS) via unsanitized input in configuration fields such as "Site Description" and "Footer Follow Buttons". An attacker can inject arbitrary JavaScript, which is stored in the project and executed in the browsers of remote visito...

CVSS 7.3 · AI score 6.1 · EPSS 0.00246
Exploits 0 · References 1
OSV · added 2025/10/03 6:31 p.m. · 3 views

GHSA-26F6-WM47-7H7J Duplicate Advisory: motionEye vulnerable to RCE via unsanitized motion config parameter

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-j945-qm58-4gjx. This link is maintained to preserve external references. Original Description: MotionEye v0.43.1b4 and before is vulnerable to OS Command Injection in configuration parameters such as imagefilenam...

CVSS 7.2 · AI score 7.8 · EPSS 0.2442
Exploits 16 · References 3
Amazon · added 2024/12/19 12:0 a.m. · 4 views

Medium: NetworkManager-libreswan

Issue Overview: A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed in a key-value format, the plugin fails to escape special...

CVSS 7.8 · AI score 7.6 · EPSS 0.00452
Exploits 0
Positive Technologies · added 2024/07/09 12:0 a.m. · 4 views

PT-2024-5099 · Siemens · Sinema Remote Connect Server

Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 HF1 Description: A vulnerability has been identified due to missing server-side input sanitation when loading SNMP configurations, allowing command injection. This could enable an attacker...

CVSS 9 · AI score 8.4 · EPSS 0.01314
Exploits 0 · References 7
OSV · added 2023/06/21 5:3 p.m. · 2 views

DRUPAL-CONTRIB-2023-021

CivicCookieControl is a module that can help make a website compliant with EU and UK cookie legislation. The Civic GovUK Cookie Control module does not sufficiently sanitize the configuration, resulting in a Cross-Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that t...

AI score 5.9
Exploits 0 · References 1
CNNVD · added 2022/05/30 12:0 a.m. · 22 views

WordPress plugin Smush Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. A cross-site scripting vulnerability exists in versions of WordPress Smush plugin prior to 3.9.9,...

CVSS 6.1 · AI score 5.6 · EPSS 0.00757
Exploits 2 · References 2