
159 matches found

EUVD
added 2026/02/24 2:30 a.m. | 4 views

EUVD-2026-7406

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

5.9 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits 0 | References 2
Vulnrichment
added 2026/02/24 2:30 a.m. | 1 views

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

5.9 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits 0 | References 2
CVE
added 2026/02/24 2:30 a.m. | 10 views

CVE-2026-27126

Craft CMS has a stored XSS vulnerability in the editableTable.twig component when using the html column type. Affects versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22. The issue is due to inadequate sanitization of the html column input, enabling arbitrary JavaScript execution when...

5.9 CVSS | 5.9 AI score | 0.00217 EPSS
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/02/24 2:30 a.m. | 11 views

CVE-2026-27126 Craft CMS has Stored XSS in Table Field via "HTML" Column Type

Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, a stored Cross-site Scripting (XSS) vulnerability exists in the editableTable.twig component when using the html column type. The application fails to sanitize the input, allowing an attack...

5.9 CVSS | 6 AI score | 0.00217 EPSS
Exploits 0 | References 4
Snyk
added 2026/02/23 10:15 p.m. | 15 views

Cross-site Scripting (XSS)

Overview: craftcms/cms is a content management system. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the editableTable.twig component when the html column type is used. An attacker can execute arbitrary JavaScript in the context of another user's session by...

5.9 CVSS | 5.5 AI score | 0.00217 EPSS
Exploits 0 | References 2
RedhatCVE
added 2026/01/09 9:14 a.m. | 5 views

CVE-2022-23458

Toast UI Grid is a component to display and edit data. Versions prior to 4.21.3 are vulnerable to cross-site scripting attacks when pasting specially crafted content into editable cells. This issue was fixed in version 4.21.3. There are no known workarounds...

6.1 CVSS | 6 AI score | 0.00511 EPSS
Exploits 1 | References 1
CVE
added 2025/12/12 5:2 a.m. | 8 views

CVE-2025-61950

CVE-2025-61950 affects Japan Total System GroupSession family (Free edition before ver5.3.0, byCloud before ver5.3.3, ZION before ver5.3.2). Description: an authenticated user can bypass authorization and alter the memo field of a Circular notice due to an improper authorization check. Impact des...

5.3 CVSS | 6.3 AI score | 0.00174 EPSS
Exploits 0 | References 2 | Affected Software 1
CVE
added 2025/12/10 9:59 p.m. | 15 views

CVE-2025-66474

The CVE-2025-66474 entry concerns XWiki Rendering. Affected: XWiki Rendering versions 16.10.9 and earlier, 17.0.0-rc-1 through 17.4.2, and 17.5.0-rc-1 through 17.5.0. Root cause: insufficient protection against {{/html}} injection, enabling attackers who can edit a profile or any document to exec...

8.8 CVSS | 8 AI score | 0.0086 EPSS
Exploits 1 | References 7 | Affected Software 1
RedHat Linux
added 2025/12/10 6:4 p.m. | 11 views

Important: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update

An update is now available for Red Hat Ansible Automation Platform 2.6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

9.1 CVSS | 7.4 AI score | 0.18752 EPSS
Exploits 10 | References 2
OSV
added 2025/11/11 5:18 a.m. | 1 views

MAL-2025-94477 Malicious code in fellow_caribou_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 02a64b18d398bf799d127bdaa124ac9c1565aec4c22903456dcbb4a15ff79874 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.8 AI score
Exploits 0
Fedora
added 2025/11/10 12:47 a.m. | 6 views

[SECURITY] Fedora 43 Update: uv-0.9.7-2.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

6.6 AI score
Exploits 0
Fedora
added 2025/11/05 2:13 a.m. | 5 views

[SECURITY] Fedora 43 Update: uv-0.9.5-1.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

8.1 CVSS | 6.6 AI score | 0.00688 EPSS
Exploits 1
Fedora
added 2025/11/03 1:2 a.m. | 7 views

[SECURITY] Fedora 41 Update: uv-0.9.5-1.fc41

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

8.1 CVSS | 6.6 AI score | 0.00688 EPSS
Exploits 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2012-6479

Malware in sbrugna...

4.3 CVSS | 6.1 AI score | 0.0212 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-14556

Malware in sbrugna...

4.3 CVSS | 6.9 AI score | 0.01213 EPSS
Exploits 1 | References 6
Veracode
added 2025/10/06 8:19 a.m. | 4 views

Cross Site Scripting (XSS)

ckeditor5 is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of malicious content inserted into the editor when specific configurations are enabled, such as the HTML embed plugin or custom plugins with editable RawElement views, which allows an attacker to...

2.3 CVSS | 6.4 AI score | 0.00393 EPSS
Exploits 0 | References 2 | Affected Software 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-19281

Malicious code in bioql (PyPI)...

4.3 CVSS | 4.8 AI score | 0.00566 EPSS
Exploits 0 | References 1
Fedora
added 2025/10/03 12:53 a.m. | 6 views

[SECURITY] Fedora 42 Update: uv-0.8.11-4.fc42

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

8.6 CVSS | 6.6 AI score | 0.00202 EPSS
Exploits 0
Fedora
added 2025/10/03 12:18 a.m. | 6 views

[SECURITY] Fedora 43 Update: uv-0.8.11-4.fc43

An extremely fast Python package installer and resolver, written in Rust. Designed as a drop-in replacement for common pip and pip-tools workflows. Highlights: • ⚖️ Drop-in replacement for common pip, pip-tools, and virtualenv commands. • ⚡️ 10-100x...

8.6 CVSS | 6.6 AI score | 0.00202 EPSS
Exploits 0
OSV
added 2025/09/17 4:16 a.m. | 2 views

DEBIAN-CVE-2025-59518

In LemonLDAP::NG before 2.16.7 and 2.17 through 2.21 before 2.21.3, OS command injection can occur in the Safe jail. It does not Localize during rule evaluation. Thus, an administrator who can edit a rule evaluated by the Safe jail can execute commands on the server...

8 CVSS | 5.5 AI score | 0.01175 EPSS
Exploits 0 | References 1