CVE-2026-42847

ClipBucket v5 is an open source video sharing platform. Prior to 5.5.3 - 122, there is a critical SQL Injection SQLi vulnerability in ClipBucket, exploitable through the type parameter on the authenticated admin endpoint adminarea/actionlogs.php. The endpoint adminarea/actionlogs.php reads...

CVE-2026-29173

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Status from the Commerce Orders Table. The Order Status Name is rendered without proper escaping, allowing script execution to occur. This...

CVE-2026-29174

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Craft Commerce is vulnerable to SQL Injection in the inventory levels table data endpoint. The sort0direction and sort0sortField parameters are concatenated directly into an addOrderBy clause without any validation or...

ClipBucket SQL注入漏洞

ClipBucket is an open-source PHP script developed by MacWarrior. It is available for free download and used to host video websites. Versions of ClipBucket prior to 5.5.3 80 contained a SQL injection vulnerability. This vulnerability stemmed from insufficient cleaning of the userid parameter input...

CVE-2026-29176

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

CVE-2026-29177

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...

CVE-2026-29176 Craft Commerce has Stored XSS in Inventory Location Name

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an...

CVE-2026-29175 Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

CVE-2026-29175 Multiple Stored XSS in Commerce Inventory Page Leading to Session Hijacking

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 5.5.3, Stored XSS vulnerabilities exist in the Commerce Inventory page. The Product Title, Variant Title, and Variant SKU fields are rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript when any...

CVE-2026-29173

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a stored XSS vulnerability exists when a user tries to update the Order Status from the Commerce Orders Table. The Order Status Name is rendered without proper escaping, allowing script execution to occur. This...

CVE-2026-29172 Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting

Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, Craft Commerce is vulnerable to SQL Injection in the purchasables table endpoint. The sort parameter is split by | and the first part column name is passed directly as an array key to orderBy without whitelist...

Craft Commerce 跨站脚本漏洞

Craft Commerce is an e-commerce platform developed under the open-source Craft CMS framework. Versions prior to 4.10.2 and 5.5.3 of Craft Commerce contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering of the Shipping Method Name, Order Reference, or Si...

CVE-2026-28354 ClipBucket v5 has IDOR in Collection Item Management

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, collection item operations are vulnerable to authorization flaws, allowing a normal authenticated user to modify another user’s collection items. This affects both add item /actions/addtocollection.php due to missi...

CVE-2026-26997

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 59, a normal authenticated user can store the XSS payload. The payload is triggered by administrator. Version 5.5.3 59 fixes the issue...

WordPress Bold Page Builder plugin <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid vulnerability

Authenticated Author+ Stored DOM-based Cross-Site Scripting in Post Grid vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Bold Page Builder versions = 5.5.3...

CVE-2025-66514

Nextcloud Mail prior to version 5.5.3 contains a stored HTML injection issue in the message list that lets an authenticated user inject HTML into email subjects. The Nextcloud Server content security policy blocks Javascript, which mitigates some risk. The issue is addressed by upgrading to Nextc...

PT-2025-49294

Name of the Vulnerable Software and Affected Versions Nextcloud Mail versions prior to 5.5.3 Description A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...

Malicious code in com.mixpanel.unity (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a617ed7539b6703818676ef051a6c12331b0e014026d1b56fb7d72775d7ad5a1 The package com.mixpanel.unity was found to contain malicious code. Source: ossf-package-analysis...

EUVD-2024-45887

Malicious code in bioql PyPI...

EUVD-2025-13277

Malicious code in bioql PyPI...