107781 matches found
MAL-2026-6766 Malicious code in @marketfront/baobabtech (npm)
The @marketfront/baobabtech package is part of a 25-package malicious campaign batch-published to the @marketfront npm scope by npm user 'marketfront' [email protected] within a roughly 3-minute window on 2026-07-01. All packages in the campaign were published at version 7.0.0 and use...
PT-2026-55464
Name of the Vulnerable Software and Affected Versions kerberos-io/agent versions prior to 3.6.26 Description An issue exists in the Kerberos Hub upload path where the agent sends credentials in the custom X-Kerberos-Hub-PrivateKey and X-Kerberos-Hub-PublicKey request headers to the...
PT-2026-54937
Name of the Vulnerable Software and Affected Versions Product Video Gallery for Woocommerce versions prior to 1.5.1.9 Description Stored Cross-Site Scripting occurs due to insufficient input sanitization and output escaping. Authenticated attackers with shop manager-level access or higher can...
Critical: Red Hat Security Advisory: Cluster Observability Operator 1.5.0
The Cluster Observability Operator COO is a Red Hat OpenShift Container Platform Operator that you can deploy to manage observability component stacks by using custom resource descriptions CRDs. The 1.5 release of COO...
CVE-2026-13454
The MotoPress Appointment Booking plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 2.4.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2026-13454
CVE-2026-13454 affects MotoPress Appointment Booking for WordPress (
CVE-2026-7517
The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-7517 Custom Payment Gateways for WooCommerce <= 2.1.0 - Unauthenticated Stored Cross-Site Scripting via 'alg_wc_cpg_input_fields' Parameter
The Custom Payment Gateways for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'algwccpginputfields' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2026-7517
The CVE-2026-7517 entry concerns the Custom Payment Gateways for WooCommerce WordPress plugin. It is vulnerable to Stored Cross-Site Scripting via the alg_wc_cpg_input_fields parameter in all versions up to 2.1.0 due to insufficient input sanitization and output escaping. Exploitation is possible...
EUVD-2026-40444
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...
CVE-2026-56356
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...
DEBIAN-CVE-2026-14046
Inappropriate implementation in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13955
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Medium...
CVE-2026-13955
Technical details are not publicly available in the provided documents. Monitor for updates on CVE-2026-13955.
CVE-2026-13955
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform UI spoofing via a malicious file. Chromium security severity: Medium...
CVE-2026-13863
Insufficient validation of untrusted input in CustomTabs in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to perform privilege escalation via a malicious file. Chromium security severity: Medium...
CVE-2026-56356 n8n - Stored Cross-Site Scripting in Chat Trigger Node Custom CSS Field
n8n contains a stored cross-site scripting vulnerability in the Chat Trigger node's Custom CSS field due to a misconfiguration of the sanitize-html library. Affected releases are those before 1.123.27, the 2.0.0 through 2.13.2 line, and 2.14.0 fixed in 1.123.27, 2.13.3, and 2.14.1. An authenticat...
CVE-2026-56356
Summary: CVE-2026-56356 affects n8n’s Chat Trigger node Custom CSS field, where a misconfiguration of the sanitize-html library allows stored XSS. Affected versions: before 1.123.27; 2.0.0–2.13.2; 2.14.0. Impact: an authenticated user with workflow creation/modification rights can inject JavaScri...
EUVD-2026-36094
Fission: Cross-namespace Environment reference in Package allows build-time command execution and SA token exfiltration...
CVE-2026-27955
Summary: CVE-2026-27955 affects Coolify prior to 4.0.0-beta.464, where the executeInDocker() helper wraps commands in bash -c '{$command}' without escaping single quotes. User-controlled fields docker_compose_custom_build_command and docker_compose_custom_start_command are interpolated directly, ...