8 matches found
Improper Output Handling
Apache Log4j Core is vulnerable to Improper Output Handling. The vulnerability is due to XmlLayout failing to sanitize characters forbidden by the XML 1.0 specification, allowing log messages or MDC values to produce malformed XML or trigger exceptions during logging, which can lead to dropped or...
CVE-2026-27001 OpenClaw: Unsanitized CWD path injection into LLM prompts
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, OpenClaw embedded the current working directory workspace path into the agent system prompt without sanitization. If an attacker can cause OpenClaw to run inside a directory whose name contains control/format characters for example...
EUVD-2021-21890
Malware in sbrugna...
EUVD-2023-36285
Malicious code in bioql PyPI...
GHSA-HWCP-2H35-P66W PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header. Product: Phpspreadsheet. Version: version 3.6.0. CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS...
Cross-site Scripting (XSS)
orchardcore is vulnerable to cross-site scripting. The vulnerability exists due to a lack of sanitization of special characters allowing an attacker to inject maliciously crafted script...
Atlassian Crucible for Windows < 4.4.6, 4.5.x < 4.5.3 Remote Code Execution Vulnerability
According to its self-reported version, the installation of Atlassian Crucible running on the remote Windows host is prior to 4.4.6 or 4.5.x prior to 4.5.3. It is, therefore, affected by a remote command execution vulnerability due to improper sanitization of characters in a Mercurial repository...
Google Chrome < 59.0.3071.115 Character Sanitization Vulnerability
Binary data 700343.pasl...