CVE-2026-8981

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfilteredhtml capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOWUNFILTEREDHTML defined to inject...

PT-2026-47690

The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered html capability across all paths that write to its block template code fields, allowing administrators on multisite installations or single-site installs with DISALLOW UNFILTERED HTML defined to inje...

PT-2026-44328

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the staging media atomisp component where private IOCTLs Input/Output Control are not sufficiently safe. To address this, private IOCTLs are disallowed by returning fr...

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

GHSA-4MH3-H929-W968 File Browser has a Path-Based Access Control Bypass via Multiple Leading Slashes in URL

Summary An authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes e.g., //private/ to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting...

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

CVE-2026-25890

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashe...

PT-2026-7168

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.57.1 Description File Browser offers a file management interface for tasks like uploading, deleting, previewing, renaming, and editing files within a designated directory. Before version 2.57.1, an authenticate...

HtmlSanitizer has a bypass via template tag

Impact If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

GHSA-J92C-7V7G-GJ3F HtmlSanitizer has a bypass via template tag

Impact If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVE-2025-66488

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVE-2021-41087

in-toto-golang is a go implementation of the in-toto framework to protect software supply chain integrity. In affected versions authenticated attackers posing as functionaries i.e., within a trusted set of users for a layout are able to create attestations that may bypass DISALLOW rules in the sa...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

OpenXRechnungToolbox 代码问题漏洞

OpenXRechnungToolbox is a graphical user interface for visualizing and validating electronic invoices by Dr. Jan C. Thiele Personal Developer. A code issue vulnerability exists in OpenXRechnungToolbox version 2024-10-05-3.0.0 up to and including 6c50e89, which stems from the disallow-doctype-decl...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

PT-2025-52869

Name of the Vulnerable Software and Affected Versions OpenXRechnungToolbox versions through 2024-10-05-3.0.0 Description The software contains an XML External Entity XXE issue due to the missing disallow-doctype-decl feature in the visualization/VisualizerImpl.java component. Recommendations Upda...

CVE-2024-58335

OpenXRechnungToolbox through 2024-10-05-3.0.0 before 6c50e89 allows XXE because the disallow-doctype-decl feature is not enabled in visualization/VisualizerImpl.java...

CVE-2024-58335

OpenXRechnungToolbox: AXXE vulnerability exists in versions through 2024-10-05-3.0.0 up to commit 6c50e89, caused by the disallow-doctype-decl feature not being enabled in visualization/VisualizerImpl.java. The issue enables external entity processing and is supported by multiple sources; exploit...