PT-2026-30674

An authenticated stored cross-site scripting XSS vulnerability in the creation/editing module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Content field...

CVE-2026-5532

The CVE-2026-5532 entry concerns ScrapeGraphAI scrapegraph-ai (up to version 1.74.0). The vulnerable element is the function create_sandbox_and_execute in scrapegraphai/nodes/generate_code_node.py of the GenerateCodeNode Component, where manipulation leads to an OS command injection. The attack c...

CVE-2026-5532 ScrapeGraphAI scrapegraph-ai GenerateCodeNode generate_code_node.py create_sandbox_and_execute os command injection

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function createsandboxandexecute of the file scrapegraphai/nodes/generatecodenode.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack may be...

PT-2026-30403

A vulnerability was found in ScrapeGraphAI scrapegraph-ai up to 1.74.0. The affected element is the function create sandbox and execute of the file scrapegraphai/nodes/generate code node.py of the component GenerateCodeNode Component. The manipulation results in os command injection. The attack m...

ScrapeGraphAI 操作系统命令注入漏洞

ScrapeGraphAI is an open-source intelligent web scraping library based on large language models. Versions of ScrapeGraphAI 1.74.0 and earlier contain a vulnerability related to operating system command injection, which stems from the createsandboxandexecute function’s ability to execute OS comman...

CVE-2016-20054

Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/usermanipulate and admin/settings/generall endpoints to...

CVE-2016-20054

CVE-2016-20054 concerns Nodcms and a cross-site request forgery (CSRF) vulnerability that enables unauthorized administrative actions via crafted forms. The issue allows tricking authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints t...

Directory Traversal

Overview @budibase/server is a Budibase Web Server Affected versions of this package are vulnerable to Directory Traversal via the fileUpload and the createTempFolder function. An attacker can delete arbitrary directories and write files to any location accessible by the Node.js process by...

JLSEC-2026-37

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated relevant protections too late or no...

JLSEC-2026-47

Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases where a subquery, WITH query, security invok...

JLSEC-2026-42

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct dollar quoting, '', or "". If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

JLSEC-2026-41

Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security...

EUVD-2026-18139

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

CVE-2026-5325

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

CVE-2026-5325 SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

CVE-2026-5325 SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...

CVE-2026-5325

CVE-2026-5325 affects SourceCodester Simple Customer Relationship Management System 1.0. The issue lies in the Create Ticket component, specifically in /create-ticket.php where manipulating the Description argument causes cross-site scripting . Remote exploitation is possible, and the exploit has...

CVE-2026-5252

A security flaw has been discovered in z-9527 admin 1.0/2.0. Affected is an unknown function of the file /server/routes/message.js of the component Message Create Endpoint. Performing a manipulation results in cross site scripting. The attack can be initiated remotely. The exploit has been releas...

SourceCodester Simple Customer Relationship Management System 代码注入漏洞

SourceCodester Simple Customer Relationship Management System is a simple customer relationship management system developed under open source by SourceCodester. Version 1.0 of the SourceCodester Simple Customer Relationship Management System contains a code injection vulnerability. This...

PT-2026-29685

A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote...