CVE-2026-30615

A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious instructions can cause unauthorized modification of the local MCP configuration and automatic...

Remote file inclusion

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page...

Koha HTML Injection Vulnerability

Koha is the first open source library automation system. Koha suffers from an HTML injection vulnerability that allows an attacker to execute attacker-supplied HTML and script code in the context of an affected browser...

SAP cFolders Cross Site Scripting And HTML Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/34658/info SAP cFolders is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data. Attacker-supplied HTML or JavaScript code could run in the...

3Com Wireless 8760 Dual-Radio 11a/b/g PoE - Multiple Vulnerabilities

source: https://www.securityfocus.com/bid/32358/info 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point is prone to multiple security vulnerabilities, including an HTML-injection issue and an authentication-bypass issue. Successfully exploiting these issues will allow an attacker to obtain...