166 matches found
CVE-2026-26193
Open WebUI (self-hosted, offline) is affected prior to v0.6.44. The vulnerability arises from allowing manual modification of chat history to set the embeds property on a response message, which is loaded into an iframe with an aggressive sandbox (allow-scripts and allow-same-origin) that bypasse...
PT-2026-20918
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.6.44 Description Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Manually modifying chat history allows setting the embeds property on a response message. The...
CVE-2023-4799
The Magic Embeds WordPress plugin before 3.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-14144
The Mstoic Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'start' parameter of the msyoutubeembeds shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
GHSA-MCMC-2M55-J8JJ vLLM introduced enhanced protection for CVE-2025-62164
Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...
vLLM introduced enhanced protection for CVE-2025-62164
Summary The fix here for CVE-2025-62164 is not sufficient. The fix only disables prompt embeds by default rather than addressing the root cause, so the DoS vulnerability remains when the feature is enabled. Details vLLM's pending change attempts to fix the root cause, which is the missing sparse...
WordPress plugin Mstoic Shortcodes 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin ... A cross-site...
PT-2026-1631
Name of the Vulnerable Software and Affected Versions Mstoic Shortcodes plugin for WordPress versions prior to 2.1 Description The Mstoic Shortcodes plugin for WordPress is susceptible to Stored Cross-Site Scripting. This occurs through the start parameter of the ms youtube embeds shortcode due t...
EUVD-2017-15871
Malware in sbrugna...
EUVD-2025-5672
Malicious code in bioql PyPI...
EUVD-2024-3271
Malicious code in bioql PyPI...
EUVD-2025-17143
Malicious code in bioql PyPI...
EUVD-2025-8611
Malicious code in bioql PyPI...
EUVD-2024-46135
Malicious code in bioql PyPI...
EUVD-2025-25237
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-28033
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. CVE-2020-28033 Note that Nessus...
OESA-2025-1912 thunderbird security update
Security Fixes: A use-after-free in FontFaceSet resulted in a potentially exploitable crash. This vulnerability affects Firefox 140, Firefox ESR 115.25, Firefox ESR 128.12, Thunderbird 140, and Thunderbird 128.12.CVE-2025-6424 An attacker who enumerated resources from the WebCompat extension coul...
CVE-2025-5194
The WP Map Block WordPress plugin before 2.0.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-49429
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through = 0.1.1...
CVE-2025-49429
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ryan Burnette Video Embeds video-embeds allows Stored XSS.This issue affects Video Embeds: from n/a through = 0.1.1...