CVE-2026-6397

The Sticky plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the cvmh-sticky shortcode readmoretext attribute in versions up to and including 2.5.6. This is due to insufficient input sanitization and output escaping in the cvmhstickyfrontrender function — the readmoretext...

EUVD-2026-30995

Template::Plugin::HTML versions through 3.102 for Perl allows HTML and JavaScript to be injected. The htmlfilter function did not escape single quotes. HTML attributes inside of single quotes could be have code injected. For example, the variable "var" in would not be properly escaped. An attacke...

PhoenixStorybook 代码注入漏洞

PhoenixStorybook is an open-source component display and interaction debugging UI tool developed by Phenix Digital. Versions of PhoenixStorybook from 0.5.0 to 1.1.0 had a code injection vulnerability. This vulnerability stemmed from uncleaned attribute value interpolation, which led to code...

CryptPad 跨站脚本漏洞

CryptPad is an open-source collaboration suite developed by CryptPad. Versions of CryptPad prior to 2026.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the HTML cleaner’s incomplete filtering of restricted tag attributes, allowing attackers to inject arbitrary...

PT-2026-42247

Name of the Vulnerable Software and Affected Versions MISP versions prior to 2.5.38 Description An issue exists in the ShadowAttribute proposal creation workflow where the add action accepts user-controlled request data without removing the id field before saving the record. Since the underlying...

PT-2026-42377

SiYuan Affected by Stored XSS via Attribute View Name to Electron Renderer RCE in github.com/siyuan-note/siyuan/kernel...

WordPress plugin Sticky 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

MISP 安全漏洞

MISP is a set of open-source software solutions developed by MISP. This product is used for collecting, storing, distributing, and sharing network security metrics. It also includes functions for analyzing threats to network security and malware analysis. Prior to MISP 2.5.38, there were security...

PT-2026-42062

Name of the Vulnerable Software and Affected Versions Sticky versions prior to 2.5.7 Description The Sticky plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs because the cvmh sticky front render function fails to properly sanitize input and escape output for the...

PT-2026-42069

Name of the Vulnerable Software and Affected Versions Logo Manager For Enamad versions prior to 0.7.5 Description The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied...

PT-2026-42179

Name of the Vulnerable Software and Affected Versions phoenix storybook versions 0.5.0 through 1.0.x Description Unauthenticated remote code execution is possible due to unsanitized attribute value interpolation during HEEx template generation. The psb-assign WebSocket event handler in the handle...

PT-2026-42190

Name of the Vulnerable Software and Affected Versions Cisco Nexus 3000 Series Switches versions prior to 10.61s Cisco Nexus 9000 Series Switches versions prior to 10.61s Description A flaw in the Border Gateway Protocol BGP enforce-first-as feature of Cisco Nexus 3000 and 9000 Series Switches in...

RHEL 9 : glib2 (RHSA-2026:19459)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19459 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...

RHEL 9 : glib2 (RHSA-2026:19452)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19452 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...

RHEL 9 : glib2 (RHSA-2026:19457)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:19457 advisory. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in...

Important: Red Hat Security Advisory: rsync security update

An update for rsync is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CLSA-2026-1779219098 grub2: Fix of CVE-2023-4692

CVE-2023-4692: fix OOB write when parsing NTFS $ATTRIBUTELIST entries...

CVE-2026-45186

A flaw was found in libexpat. When processing a specially crafted XML input containing a specific pattern of attributes, the parsing time increases quadratically due to checks for attribute name collisions. This consumes excessive CPU resources and eventually results in a denial of service...

tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments

A flaw was found in Tornado. A remote attacker could exploit this vulnerability by injecting specially crafted characters into the domain, path, and samesite arguments when setting cookies. This could lead to cookie attribute injection, potentially allowing for information disclosure or...

Moderate: Red Hat Security Advisory: python-tornado security update

An update for python-tornado is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...