22 matches found

CVE
added 2026/05/13 6:20 p.m., 14 views

CVE-2026-42586

CVE-2026-42586 affects Netty up to 4.2.13.Final and 4.1.133.Final where the RedisEncoder writes user-controlled strings to the output buffer without sanitizing CRLF (\n). Because RESP uses CRLF as command/response delimiters, an attacker who controls Redis message content can inject arbitrary Red...

CVSS 7.1 | AI score 6 | EPSS 0.00008
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2026/05/07 3:36 a.m., 5 views

CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...

CVSS 8.7 | AI score 5.8 | EPSS 0.00074
Exploits 0 | References 6
Positive Technologies
added 2026/05/07 12:00 a.m., 6 views

PT-2026-38378

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description The Netty Redis codec encoder RedisEncoder writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF...

CVSS 6.8 | AI score 6 | EPSS 0.00008
Exploits 1 | References 22
CNNVD
added 2026/03/24 12:00 a.m., 3 views

Froxlor injection vulnerability

Froxlor is a set of lightweight server management software developed by the Froxlor team. Versions of Froxlor prior to 2.3.5 had an injection vulnerability. This vulnerability stemmed from the lack of validation of the content fields of the DomainZones.add API endpoint, which could allow for the...

CVSS 8.8 | AI score 5.8 | EPSS 0.00025
Exploits 1 | References 3
EUVD
added 2026/03/20 10:31 a.m., 2 views

EUVD-2026-13676

WeGIA is a web manager for charitable institutions. In versions 3.6.5 and 3.6.6, the loadBackupDB function imports SQL files from uploaded backup archives without any content validation. An attacker can craft a backup archive containing arbitrary SQL statements that create rogue administrator...

CVSS 8.6 | AI score 6.1 | EPSS 0.00099
Exploits 1 | References 3
NVD
added 2026/01/20 4:16 p.m., 2 views

CVE-2025-33015

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8 | EPSS 0.0008
Exploits 0 | References 1
OSV
added 2026/01/20 4:16 p.m., 1 view

CVE-2025-33015

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8 | AI score 6.1
Exploits 0 | References 1
CVE
added 2026/01/20 3:04 p.m., 13 views

CVE-2025-33015

CVE-2025-33015 affects IBM Concert Software versions 1.0.0 through 2.1.0. The issue is a file upload vulnerability where the web interface does not validate the uploaded file’s content, enabling malicious file uploads. The CVSS metrics indicate a high severity (8.8) with network attack vector, no...

CVSS 8.8 | AI score 5.7 | EPSS 0.0008
Exploits 0 | References 1 | Affected Software 1
ATTACKERKB
added 2026/01/20 3:04 p.m., 1 view

CVE-2025-33015

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8 | AI score 5.6 | EPSS 0.0008
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/01/20 3:04 p.m., 10 views

CVE-2025-33015 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8 | EPSS 0.0008
Exploits 0 | References 1
Positive Technologies
added 2026/01/20 12:00 a.m., 2 views

PT-2026-3584

IBM Concert 1.0.0 through 2.1.0 is vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface...

CVSS 8.8 | AI score 5.7 | EPSS 0.0008
Exploits 0 | References 1
CNNVD
added 2025/11/06 12:00 a.m., 3 views

WordPress plugin Strong Testimonials cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3 | AI score 5.9 | EPSS 0.00156
Exploits 0 | References 2
EUVD
added 2025/10/03 8:07 p.m., 11 views

EUVD-2025-25199

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.6 | EPSS 0.00049
Exploits 1 | References 1
Tenable Nessus
added 2025/08/18 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2019-14863

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data...

CVSS 7.1 | AI score 6.7 | EPSS 0.00097
Exploits 0 | References 2
CNNVD
added 2025/03/20 12:00 a.m., 2 views

RAGFlow cross-site scripting vulnerability

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. A cross-site scripting vulnerability exists in RAGFlow cec2080 version, which stems from unvalidated file content and could lead to a stored cross-site scripting attack...

CVSS 5.4 | AI score 5.2 | EPSS 0.00353
Exploits 0 | References 1
OSV
added 2024/12/03 5:15 p.m., 0 views

CVE-2024-40691

IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing...

CVSS 9.8 | AI score 5.8
Exploits 0 | References 1
CNNVD
added 2024/02/20 12:00 a.m., 2 views

Pyhtml2pdf Cross-Site Scripting Vulnerability

Pyhtml2pdf is a simple python wrapper from the Python Foundation. Convert HTML to PDF using headless Chrome via selenium. A cross-site scripting vulnerability exists in Pyhtml2pdf version 0.0.6, which stems from not validating user-entered HTML content, resulting in an attacker being able to obta...

CVSS 7.5 | AI score 5.8 | EPSS 0.0024
Exploits 1 | References 3
OSV
added 2023/04/05 12:30 a.m., 1 view

GHSA-QGHR-877H-F9JH markdown-pdf vulnerable to local file read via server side cross-site scripting (XSS)

markdown-pdf version 11.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the Markdown content entered by the user...

CVSS 7.5 | AI score 6 | EPSS 0.00152
Exploits 1 | References 4
OSV
added 2020/01/02 3:15 p.m., 2 views

DEBIAN-CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it...

CVSS 6.1 | AI score 6.8 | EPSS 0.00097
Exploits 0 | References 1
CNVD
added 2019/12/09 12:00 a.m., 1 view

Unspecified vulnerability in radare2

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 4.0.0 and earlier versions, which stems from the program not validating content variables. An attacker can exploit the vulnerability to perform arbitrary write operations with special...

CVSS 7.8 | AI score 7.1 | EPSS 0.00469
Exploits 1 | References 1