CVE-2026-27094 WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through = 3.1.16...

PT-2026-20771

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in GoDaddy CoBlocks coblocks allows Stored XSS.This issue affects CoBlocks: from n/a through = 3.1.16...

WordPress plugin CoBlocks 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. WordPress...

CVE-2023-4006

Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

CVE-2023-4007

Cross-site Scripting XSS - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16...

WordPress CoBlocks plugin <= 3.1.16 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin CoBlocks versions = 3.1.16...

CSV Injection

Overview thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to CSV Injection via the users data export feature. An attacker can execute arbitrary commands on the system by injecting malicious formulas into the profi...

EUVD-2023-2128

Malicious code in bioql PyPI...

DEBIAN-CVE-2025-49007

Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can caus...

Rack 安全漏洞

Rack is a modular Ruby web server interface from the Rack open source. A security vulnerability exists in Rack versions prior to 3.1.16, which stems from a denial-of-service vulnerability in the Content-Disposition parsing component that could lead to a service interruption...

CVE-2024-55660

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection SSTI through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2025-23026 HTML templates containing Javascript template strings are subject to XSS in jte

jte Java Template Engine is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with script tags or script attributes that include a Javascript template string backticks are subject to XSS. The javaScriptBlock and javaScriptAttribute methods in th...

SUSE CVE-2024-55657

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...

SUSE CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2024-55659

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2024-55657

SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...

CVE-2024-55660 SiYuan has an SSTI via /api/template/renderSprig

SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection SSTI through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables...

CVE-2024-55659 SiYuan has an arbitrary file write in the host via /api/asset/upload

SiYuan is a personal knowledge management system. Prior to version 3.1.16, the /api/asset/upload endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting via the file write. Version 3.1.16 contains a patch for the issue...

CVE-2024-55658

SiYuan has a path traversal vulnerability in its API: /api/export/exportResources allows arbitrary file reads on versions prior to 3.1.16 by manipulating the paths parameter to traverse the workspace directory structure. The issue is confirmed across multiple sources confirming 3.1.16 includes a ...