CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

EUVD-2026-7406

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system CMS. In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

Support Statement — Microsoft 365 Changes to Throttling Enforcement

Support Statement This article documents upcoming changes Microsoft is making to application throttling enforcement in Microsoft 365 environments and its potential impact on customers using Veeam Backup for Microsoft 365 and Veeam Data Cloud for Microsoft 365. What's changing? Microsoft has...

Cross-site Scripting (XSS)

Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the editableTable.twig component when the html column type is used. An attacker can execute arbitrary JavaScript in the context of another user's session by...

GHSA-3JH3-PRX3-W6WC Craft CMS has Stored XSS in Table Field via "HTML" Column Type

A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...

Craft CMS has Stored XSS in Table Field via "HTML" Column Type

A stored Cross-site Scripting XSS vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attacker to execute arbitrary JavaScript when another user views a page with the malicious table field. Prerequisite...

CVE-2026-23694

Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...

CVE-2026-23694 Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions

Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...

CVE-2026-23694

CVE-2026-23694 affects Aruba HiSpeed Cache for WordPress before version 3.0.5. The flaw is a CSRF in multiple administrative AJAX actions (ahsc_reset_options, ahsc_debug_status, ahsc_enable_purge) where authentication and capability checks run, but WordPress nonces are not verified for state-chan...

CVE-2026-23694 Aruba HiSpeed Cache < 3.0.5 CSRF in Multiple Administrative AJAX Actions

Aruba HiSpeed Cache aruba-hispeed-cache WordPress plugin versions prior to 3.0.5 contain a cross-site request forgery CSRF vulnerability affecting multiple administrative AJAX actions. The handlers for ahscresetoptions, ahscdebugstatus, and ahscenablepurge perform authentication and capability...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27513 Tenda F3 CSRF in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27511 Tenda F3 Clickjacking in Web Management Interface

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27511

Summary: CVE-2026-27511 affects Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi. The issue is a clickjacking vulnerability in the web-based administrative interface caused by the absence of the X-Frame-Options header, enabling attacker-controlled sites to embed admin pages in an ifr...

CVE-2026-2861

A vulnerability was detected in Foswiki up to 2.1.10. The affected element is an unknown function of the component Changes/Viewfile/Oops. The manipulation results in information disclosure. It is possible to launch the attack remotely. The exploit is now public and may be used. Upgrading to versi...

PT-2026-21531

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not implement anti-CSRF protections. This allows an attacker to make an authenticated administrator submit requests...