CVE-2026-34825

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

CVE-2026-34825

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

CVE-2026-34825 NocoBase Has SQL Injection via template variable substitution in workflow SQL node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase plugin-workflow-sql substitutes template variables directly into raw SQL strings via getParsedValue without parameterization or escaping. Any user who...

CVE-2026-34825

Summary (CVE-2026-34825) NocoBase’s plugin-workflow-sql component (pre-2.0.30) builds SQL by substituting template variables directly into raw SQL strings via getParsedValue(), with no parameterization or escaping. An attacker who triggers a workflow containing a SQL node using user-controlled da...

WordPress plugin B Blocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

CVE-2025-62366

Summary: CVE-2025-62366 affects the Node.js package Mailgen. The vulnerability lies in generatePlaintext in versions up to 2.0.30, where encoded HTML entities are not stripped and are later decoded, producing active HTML in plaintext output. If that plaintext is rendered as HTML, attacker-control...

EUVD-2024-46840

Malicious code in bioql PyPI...

CVE-2025-59526

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

CVE-2025-59526

CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

mailgen 跨站脚本漏洞

mailgen is an email generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen versions prior to 2.0.30, which stems from a failure to properly handle user-generated content and could lead to an HTML injection attack...

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

WordPress plugin Extensions for Elementor security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2024-19926 · Unknown · Pilotpress

Name of the Vulnerable Software and Affected Versions: PilotPress versions n/a through 2.0.30 Description: The issue is related to a Missing Authorization vulnerability in PilotPress. This vulnerability affects PilotPress from version n/a through 2.0.30. Recommendations: For versions n/a through...

WordPress plugin PilotPress security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

TP-Link TL-WDR7660 Buffer Error Vulnerability

The TP-LINK TL-WDR7660 is a Gigabit router from China P&L TP-LINK. A buffer error vulnerability exists in the TP-Link TL-WDR7660 version 2.0.30, which stems from a stack overflow in the upgradeInfoJsonToBin function...

TP-LINK TL-WDR7660 Buffer Error Vulnerability

The TP-LINK TL-WDR7660 is a Gigabit router from China P&L TP-LINK. A security vulnerability exists in TP-Link TL-WDR7660 version 2.0.30, which originates from a stack overflow in the deviceInfoJsonToBincauses function...