EEF-CVE-2026-48596 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection
Summary: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in elixir-tesla tesla allows HTTP header injection via Tesla.Multipart.add_content_type_param/2. Tesla.Multipart.add_content_type_param/2 appends caller-supplied strings to the multipart...
CVE-2026-48598
The CVE-2026-48598 entry affects the Elixir Tesla library, specifically Tesla.Multipart.part_headers_for_disposition/1. The vulnerability arises from improper encoding of disposition parameters, treating each parameter as k="v" without sanitizing CR (\r), LF (\n), or double-quote characters. Mali...
Exploit for CVE-2026-38444
CVE Disclosures Coordinated vulnerability disclosures and CVE...
CVE-2026-8194
A security vulnerability has been detected in osTicket up to 1.18.3. Impacted is an unknown function of the file include/class.dispatcher.php of the component Dispatcher. The manipulation of the argument method leads to cross-site request forgery. Remote exploitation of the attack is possible. Th...
PT-2026-39407
Name of the Vulnerable Software and Affected Versions: osTicket versions prior to 1.18.4 Description: A cross-site request forgery issue exists in the Dispatcher component within the include/class.dispatcher.php file. The flaw allows remote exploitation through the manipulation of the method...
CVE-2023-25807
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
EUVD-2025-24695
Malicious code in bioql PyPI...
CVE-2025-54699
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in masteriyo Masteriyo - LMS learning-management-system allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through <= 1.18.3...
CVE-2025-54699 WordPress Masteriyo - LMS plugin <= 1.18.3 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in masteriyo Masteriyo - LMS allows Stored XSS. This issue affects Masteriyo - LMS: from n/a through 1.18.3...
Use After Free
Overview: nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the xmlSchemaItemListAdd function in xmlschemas.c, which is exploitable by supplying a malicious .xsd schema for validation. It may also be exploitable when an...
WordPress Popup Maker Plugin < 1.18.3 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:code-atlantic:popupmaker"; if(description)...
WordPress Ona Theme < 1.18.3 is vulnerable to Cross Site Scripting (XSS)
Software: Ona; Type: Theme; Vulnerable versions: 1.18.3; Fixed in: 1.18.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 2d8e2d709222; Credits: Rafie Muhammad (Patchstack); Required privilege...
CVE-2023-25807 DataEase dashboard has a stored XSS vulnerability
DataEase is an open source data visualization and analysis tool. When saving a dashboard on the DataEase platform saved data can be modified and store malicious code. This vulnerability can lead to the execution of malicious code stored by the attacker on the server side when the user accesses th...
PT-2023-20319 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 1.18.3 Description: The issue concerns the DataEase platform, an open source data visualization and analysis tool. When saving a dashboard, an attacker can modify the saved data to store malicious code. This can lea...
DataEase cross-site scripting vulnerability
DataEase is an open source data visualization and analysis tool, used to help users quickly analyze data and gain insight into business trends, so as to achieve business improvement and optimization. DataEase versions before 1.18.3 have a security vulnerability; the vulnerability stems from the saved...
CVE-2022-1705 affecting package golang 1.18.3-1
CVE-2022-1705 affecting package golang 1.18.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption...
CVE-2022-28327 affecting package golang for versions less than 1.18.3-1
CVE-2022-28327 affecting package golang for versions less than 1.18.3-1. An upgraded version of the package is available that resolves this issue...