CVE-2025-40901

CVE-2025-40901 describes a stored HTML injection in the Credentials Manager ( Guardian/CMC ) prior to 26.1.0. The root cause is improper validation of an input parameter, allowing an administrator to define an identity containing HTML tags. When a victim deletes that identity, the injected HTML c...

CVE-2026-26046

A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...

Kentico Xperience 跨站脚本漏洞

Kentico Xperience is a digital experience platform from Kentico. A cross-site scripting vulnerability exists in the Kentico Xperience rich text editor component that can be exploited by an attacker to execute arbitrary script in a user's browser...

CVE-2024-48870

Sharp and Toshiba Tec MFPs improperly validate input data in URI data registration, resulting in a stored cross-site scripting vulnerability. If crafted input is stored by an administrative user, malicious script may be executed on the web browsers of other victim users...