3306 matches found
EUVD-2026-27482
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...
CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API
Masa CMS is an open source content management system. In versions 7.2.0 through 7.2.9, 7.3.0 through 7.3.14, 7.4.0 through 7.4.9, and 7.5.0 through 7.5.2, the unauthenticated JSON API accepts an altTable parameter that is stored via the setAltTable method without validation or sanitization. This...
Masa CMS SQL注入漏洞
Masa CMS is a digital experience platform. Masa CMS has a SQL injection vulnerability, which stems from the unvalidated JSON API accepting the altTable parameter and storing it through the setAltTable method. This may allow unauthorized attackers to read sensitive data through arbitrary subquerie...
JLSEC-2026-394
When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...
CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
CVE-2026-5077 Total <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title in Blog Section Image alt Attribute
The Total theme for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in versions up to, and including, 2.2.1 due to insufficient output escaping when rendering thetitle inside HTML attribute context in the home blog section template. This makes it possible for authenticated...
EUVD-2026-26555
In the Linux kernel, the following vulnerability has been resolved: vt: discard stale unicode buffer on alt screen exit after resize When enteraltscreen saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a subsequent console resize via vcdoresize skips reallocating the unicode...
CVE-2026-31742
The CVE-2026-31742 issue affects the Linux kernel’s virtual terminal (vt) handling of alternate screen mode. When entering alt screen, vc_uni_lines is saved to vc_saved_uni_lines and vc_uni_lines is set to NULL. A subsequent console resize can skip reallocating the unicode buffer because vc_uni_l...
WordPress Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimizer (image SEO) plugin <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Bulk Auto Image Alt Text Alt tag, Alt attribute optimization image SEO + Woocommerce versions = 2.1.0...
WordPress Image Alt Text Manager – Bulk & Dynamic Alt Tags For image SEO Optimization + AI plugin <= 1.6.3 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Alt Manager versions = 1.6.3...
CVE-2026-5428
The CVE concerns the Royal Elementor Addons for WordPress (Image Grid/Slider/Carousel widget) with versions ≤ 1.7.1056. The root cause is insufficient output escaping in render_post_thumbnail(), where wp_kses_post() is used for the alt attribute context instead of escaping, enabling Stored Cross-...
CVE-2026-41318
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
CVE-2026-41318
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
EUVD-2026-25387
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
AnythingLLM 跨站脚本漏洞
AnythingLLM is an integrated AI application developed by Mintplex. Versions of AnythingLLM prior to 1.12.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the markdown renderer in the chart component not encoding the alt text as HTML, which could lead to storage-ty...
PT-2026-34844
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...
CLSA-2026-1775238894 Update of alt-php
Bump ABI 5.4.0-226...
Linux Distros Unpatched Vulnerability : CVE-2026-32884
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of...
CVE-2026-3350
The Image Alt Text Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title in all versions up to, and including, 1.8.2. This is due to insufficient input sanitization and output escaping when dynamically generating image alt and title attributes using a DOM...
CVE-2026-0609
The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-slider' shortcode...