32 matches found
CVE-2026-26192
Open WebUI (self-hosted offline) before v0.7.0 allows stored XSS via a crafted document payload by modifying chat history to set html in document metadata; the frontend treats contents as HTML and renders in an iframe during citation preview or shared chat view. Version 0.7.0 fixes the issue. No ...
CVE-2026-26192 Open WebUI vulnerable to Stored XSS via iFrame in citations model
Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to version 0.7.0, manually modifying chat history allows setting the html property within document metadata. This causes the frontend to enter a code path that treats document contents as HTML...
CVE-2026-1912
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1912
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1912
CVE-2026-1912 concerns the WordPress plugin Citations tools, affected in all versions up to 0.3.2. The vulnerability is a Stored Cross-Site Scripting (Stored XSS) via the shortcodes/ctdoi code attribute, caused by insufficient input sanitization and output escaping on user-supplied attributes. Ex...
CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-1912 Citations tools <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute
The Citations tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'code' parameter in the 'ctdoi' shortcode in all versions up to, and including, 0.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Citations tools cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress Citations tools plugin <= 0.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability
Authenticated (Contributor+) Stored Cross-Site Scripting via 'code' Shortcode Attribute vulnerability discovered by Gilang - DJ in WordPress Plugin Citations tools versions <= 0.3.2...
[SECURITY] Fedora 42 Update: pandoc-3.1.11.1-33.fc42
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags - HTML formats HTML 4 and 5 - Ebook formats EPUB v2 and v3, FB2 -...
CVE-2025-46579
creationtimestamp| type| source
---|---|---
2025-04-27 02:08:56+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13595
2025-04-27 03:35:27+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnrd2ztzwq24
2025-04-27 03:48:44+00:00| seen|...
Hacking Scientific Citations
Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors' names, publication year, journal or conference name, and page numbers of the...
github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
...
[SECURITY] Fedora 39 Update: pandoc-3.1.3-29.fc39
Pandoc is a Haskell library for converting from one markup format to another. The formats it can handle include - light markup formats many variants of Markdown, reStructuredText, AsciiDoc, Org-mode, Muse, Textile, txt2tags - HTML formats HTML 4 and 5 - Ebook formats EPUB v2 and v3, FB2 -...
CVE-2024-23108
creationtimestamp| type| source
---|---|---
2024-02-05 15:26:28+00:00| seen| https://t.me/ctinow/179262
2024-02-07 14:20:05+00:00| seen| https://t.me/truesecator/5386
2024-02-08 12:16:36+00:00| seen| https://t.me/itsecnews/4092
2024-02-08 16:26:19+00:00| seen| https://t.me/kasperskyb2b/1130...
CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses...
CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
The package github.com/gomarkdown/markdown is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion 0.0.0-20230922105210-14b16010c2ee, which corresponds with commit 14b16010c2ee7ff33a940a541d993bd043a88940, parsing malformed markdown input with parser that uses...
Tulsa’s Police-Citation Data Leaked by Conti Gang
The city of Tulsa, OK is asking some of its residents to keep a close eye on their personal and financial accounts after the Conti ransomware group leaked some 18,000 city files, mostly police citations, on the dark web. The leak stemmed from a May 6 ransomware attack that caused the city to shut...
[SECURITY] Fedora 33 Update: pandoc-citeproc-0.17.0.1-3.fc33
The pandoc-citeproc library supports automatic generation of citations and a bibliography in pandoc documents using the Citation Style Language CSL macro language. More details on CSL can be found at . In addition to a library, the package includes an executable, pandoc-citeproc, which works as...
CVE-2013-1744
Technical details are not publicly provided in the supplied documents; monitor for updates. Current descriptions indicate a remote command execution vulnerability in IRIS citations management tool up to version 1.3, with no further specifics in the connected sources.