7 matches found
CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster
Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...
EUVD-2022-6691
Malicious code in bioql PyPI...
EUVD-2024-42540
Malicious code in bioql PyPI...
DRUPAL-CONTRIB-2025-077
This module enables you to generate "Table of content" of your pages given a configuration. The module doesn't sufficiently sanitise data attributes allowing persistent Cross-site Scripting (XSS) attacks. This vulnerability is mitigated by the fact that an attacker must have a role with permission to...
WordPress Otter Blocks plugin <= 2.6.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes vulnerability discovered by Ngô Thiên An (ancorn) in WordPress Plugin Otter - Gutenberg Block (versions <= 2.6.8)...
DEBIAN-CVE-2017-6310
An issue was discovered in tnef before 1.4.13. Four type confusions have been identified in the file_add_mapi_attrs function. These might lead to invalid read and write operations, controlled by an attacker...
CVE-2001-0263
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled...