26 matches found
CVE-2026-11434
CVE-2026-11434 affects FluentCMS 0.0.5, specifically the Blocks Plugin via an unknown function in the /admin/blocks file. The issue allows a cross site scripting (XSS) flaw due to manipulation of that function, with remote initiation possible. Public exploits exist according to the record, and th...
FluentCMS 代码注入漏洞
FluentCMS is an open-source content management system developed by FluentCMS. Version 0.0.5 of FluentCMS has a code injection vulnerability, which stems from unknown functions in the Blocks Plugin component file located at admin/blocks. This vulnerability may lead to cross-site scripting attacks...
Malicious code in @gaia-codesearch/gaia-api-python (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bffb43bbb30e1d5c01c4c389983726a49a5489ddebcfef91353d03f7a767d01f The package @gaia-codesearch/gaia-api-python was found to contain malicious code. Source: ossf-package-analysis...
GHSA-PV9V-5J35-XWCR libcrux Panics During Standalone MAC Operations
An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...
libcrux Panics During Standalone MAC Operations
An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...
libcrux-aead (>=0.0.4 <=0.0.7-rc.1) potentially affected by unknown CVE via libcrux-poly1305 (>=0.0.4 <=0.0.5-rc.1)
libcrux-poly1305 CARGO version =0.0.4, =0.0.4, =0.0.7-rc.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0073...
RUSTSEC-2026-0073 Panic in Standalone MAC Operations
An incorrect constant for the key length in libcrux-poly1305 caused the standalone MAC function libcruxpoly1305::mac to always panic with an out-of-bounds memory access. Impact Applications wishing to use libcrux-poly1305 as a standalone MAC would experience panics. The use of libcrux-poly1305 in...
CVE-2026-2947
CVE-2026-2947 affects rymcu forest up to version 0.0.5, specifically the updateUserInfo function in src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the User Profile Handler. The issue enables cross-site scripting due to the underlying manipulation, allowing remote execution...
CVE-2026-2947 rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting
A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed...
CVE-2026-2946
CVE-2026-2946 affects rymcu forest up to version 0.0.5. The vulnerability is in the function XssUtils.replaceHtmlCode (src/main/java/com/rymcu/forest/util/XssUtils.java) of the Article Content/Comments/Portfolio component, enabling cross-site scripting. The issue enables remote exploitation and t...
CVE-2026-26974
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
CVE-2026-26974
CVE-2026-26974 (Slyde) affects Slyde versions 0.0.4 and earlier. The root cause is Node.js automatically importing any /**.plugin.{js,mjs} files, including those from node_modules, enabling a malicious package with a .plugin.js file to execute arbitrary code when installed or required. Impact is ...
CVE-2026-26974 Sylde has Improper Control of Generation of Code
Slyde is a program that creates animated presentations from XML. In versions 0.0.4 and below, Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file can execute arbitrary code when installed or required. All projects...
Unsafe Dependency Resolution
Overview @tygo-van-den-hurk/slyde is a Make beautifully animated Slydes and presentations from XML with ease! Affected versions of this package are vulnerable to Unsafe Dependency Resolution via the automatic import process of /.plugin.js,mjs files from dependencies. An attacker can execute...
GHSA-W7H5-55JG-CQ2F Improper Control of Generation of Code ('Code Injection') in @tygo-van-den-hurk/slyde
Impact This is a remote code execution RCE vulnerability. Node.js automatically imports /.plugin.js,mjs files including those from nodemodules, so any malicious package with a .plugin.js file could execute arbitrary code when installed or required. All projects using this loading behavior are...
PT-2026-20786
Name of the Vulnerable Software and Affected Versions Slyde versions 0.0.4 and below Description Slyde is a program used to create animated presentations from XML. A remote code execution issue exists because Node.js automatically imports /.plugin.js,mjs files, including those from node modules...
CVE-2023-34022
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rakib Hasan Dynamic QR Code Generator plugin = 0.0.5 versions...
PT-2024-39369 · WordPress · Material Design Icons
Name of the Vulnerable Software and Affected Versions: Material Design Icons plugin for WordPress versions up to, and including, 0.0.5 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...
WordPress plugin Material Design Icons 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...
CVE-2023-34022
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Rakib Hasan Dynamic QR Code Generator plugin = 0.0.5 versions...