51 matches found

Cvelist
added 2026/05/13 5:6 p.m. · 27 views

CVE-2026-44580 Next.js: Cross-site scripting in beforeInteractive scripts with untrusted input

Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...

6.1 CVSS · 0.00012 EPSS
Exploits 0 · References 1
NVD
added 2026/05/01 3:16 p.m. · 0 views

CVE-2026-43507

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...

7.5 CVSS · 0.00077 EPSS
Exploits 0 · References 3
IBM Security Bulletins
added 2026/03/31 3:10 p.m. · 2 views

Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to cross-site scripting (CVE-2026-25896)

Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in Node.js module...

9.3 CVSS · 5.5 AI score · 0.0002 EPSS
Exploits 1 · Affected Software 1
Fedora
added 2025/12/20 1:23 a.m. · 4 views

[SECURITY] Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42

This module provides access to the Unicode Character Database UCD which defines character properties for all Unicode characters. The data contained in this database is compiled from the UCD version 13.0.0. The versions of this package match Unicode versions, so unicodedata2==13.0.0 is data...

9.8 CVSS · 6.9 AI score · 0.00085 EPSS
Exploits 9
CVE
added 2025/12/15 11:9 p.m. · 8 views

CVE-2025-66402

Misskey CVE-2025-66402 affects versions from 13.0.0-beta.16 to before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...

7.1 CVSS · 6.4 AI score · 0.00047 EPSS
Exploits 1 · References 2 · Affected Software 1
OSSF Malicious Packages
added 2025/10/24 1:45 p.m. · 4 views

Malicious code in @eqder/bird (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...

7.2 AI score
Exploits 0
OSV
added 2025/10/24 1:45 p.m. · 1 views

MAL-2025-48946 Malicious code in @eqder/bird (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...

7.2 AI score
Exploits 0
EUVD
added 2025/10/22 3:31 p.m. · 4 views

EUVD-2025-35423

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS. This issue affects WeShare Buttons: from n/a through <= 13.0.0...

6.1 CVSS · 5.5 AI score · 0.00027 EPSS
Exploits 0 · References 2
Cvelist
added 2025/10/22 2:32 p.m. · 7 views

CVE-2025-60135 WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS. This issue affects WeShare Buttons: from n/a through <= 13.0.0...

5.9 CVSS · 0.00027 EPSS
Exploits 0 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-15216

Malware in sbrugna...

7.8 CVSS · 7.6 AI score · 0.00492 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 views

EUVD-2019-16153

Malware in sbrugna...

5.9 CVSS · 5.9 AI score · 0.00647 EPSS
Exploits 0 · References 2
Github Security Blog
added 2025/05/21 6:33 p.m. · 6 views

The Backup Plus extension for TYPO3 (ns_backup) allows XSS

The ns_backup extension through 13.0.0 for TYPO3 allows XSS...

6.1 CVSS · 6.4 AI score · 0.00182 EPSS
Exploits 0 · References 4 · Affected Software 1
CNNVD
added 2025/05/21 12:0 a.m. · 2 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 13.0.0 and earlier, which stems from a predictable resource location...

8.6 CVSS · 6.5 AI score · 0.00295 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2025/05/20 12:0 a.m. · 5 views

TYPO3 10.4.0 < 10.4.50 ELTS / 11.0.0 < 11.5.44 ELTS / 12.0.0 < 12.4.31 / 13.0.0 < 13.4.12 (TYPO3-CORE-SA-2025-016)

The version of TYPO3 installed on the remote host is 10.4.0 prior to 10.4.50 ELTS / 11.0.0 prior to 11.5.44 ELTS / 12.0.0 prior to 12.4.31 / 13.0.0 prior to 13.4.12. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-016 advisory. - Administrator-level backend...

7.2 CVSS · 5.5 AI score · 0.00316 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/03/20 12:0 a.m. · 2 views

PT-2025-12353 · Luxion · Luxion Keyshot

Name of the Vulnerable Software and Affected Versions: Luxion KeyShot versions 4.10.171 and 13.0.0 Build 92 Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required, as the target must visit a...

7.8 CVSS · 7.3 AI score · 0.00319 EPSS
Exploits 0 · References 9
Patchstack
added 2024/09/04 12:0 a.m. · 0 views

Drupal Open Social module < 12.3.8,12.4.0-12.4.4,13.0.0-13.0.0-alpha10 - Unauthenticated Denial of Service Attack vulnerability

Unauthenticated Denial of Service Attack vulnerability discovered by vnech in WordPress Module Open Social versions 12.3.8,12.4.0-12.4.4,13.0.0-13.0.0-alpha10...

7 AI score
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2024/05/14 2:1 p.m. · 21 views

CVE-2024-34355 TYPO3 vulnerable to an HTML Injection in the History Module

TYPO3 is an enterprise content management system. Starting in version 13.0.0 and prior to version 13.1.1, the history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML...

3.5 CVSS · 4.4 AI score · 0.00615 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/14 12:0 a.m. · 3 views

PT-2024-25812 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 13.0.0 through 13.1.0 Description: The history backend module is vulnerable to HTML injection. Although Content-Security-Policy headers effectively prevent JavaScript execution, adversaries can still inject malicious HTML marku...

5.4 CVSS · 7.3 AI score · 0.00615 EPSS
Exploits 0 · References 10
CNNVD
added 2024/05/14 12:0 a.m. · 2 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS versions 13.0.0 through 13.1.0 that stems from vulnerability to HTML injection...

5.4 CVSS · 5.5 AI score · 0.00615 EPSS
Exploits 0 · References 5
CNNVD
added 2024/05/14 12:0 a.m. · 1 views

TYPO3 Security Vulnerability

TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 CMS that originates from uncontrolled resource consumption in ShowImageController. The affected versions are as follows: 9.0.0 to 9.5.47; 10.0.0 t...

5.3 CVSS · 5.4 AI score · 0.0005 EPSS
Exploits 0 · References 7