1510 matches found
CVE-2026-32844
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6
Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....
CVE-2026-26831
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...
Exploit for CVE-2026-26831
CVE-2026-26831: OS command injection in textract Summary...
GO-2026-4733 Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server
Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
CVE-2026-1806 Tour & Activity Operator Plugin for TourCMS <= 1.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-1806
The Tour & Activity Operator Plugin for TourCMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'target' parameter of the tourcmsdoclink shortcode in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possib...
CVE-2026-32844
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
CVE-2026-32844
XinLiangCoder php_api_doc contains a reflected XSS via list_method.php (GET parameter f) after commit 1ce5bbf. Unsanitized input is echoed to the page, enabling execution of arbitrary JavaScript in victims’ browsers. Impact cited includes session hijacking, credential theft, or malware distributi...
CVE-2026-32844 XinLiangCoder / php_api_doc Reflected XSS via list_method.php
XinLiangCoder phpapidoc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in listmethod.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL with...
php_api_doc 跨站脚本漏洞
phpapidoc is a PHP API documentation generation tool developed by Wally’s personal developer. phpapidoc has a cross-site scripting vulnerability, which stems from improper cleaning of the f parameter in the listmethod.php file. This vulnerability may lead to reflective cross-site scripting attack...
EUVD-2026-12430
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
Mattermost fails to bound memory allocation when processing DOC files
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the creation and expansion of DOC files. An attacker can exhaust server memory resources by uploading a specially crafted DOC file, leading to a denial of service. Remediation Upgrade...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value during the creation and expansion of DOC files. An attacker can exhaust server memory resources by uploading a specially crafted DOC file, leading to a denial of service. Remediation Upgrade...
GHSA-XV2P-WCHJ-QJHP Mattermost fails to bound memory allocation when processing DOC files
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
CVE-2026-25780
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
CVE-2026-25780 Memory Exhaustion via Malformed DOC File Upload
Mattermost versions 11.3.x = 11.3.0, 11.2.x = 11.2.2, 10.11.x = 10.11.10 fail to bound memory allocation when processing DOC files which allows an authenticated attacker to cause server memory exhaustion and denial of service via uploading a specially crafted DOC file.. Mattermost Advisory ID:...
PT-2026-25712
Mattermost fails to bound memory allocation when processing DOC files in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...