CVE-2026-29038 changedetection.io: Reflected XSS in RSS Tag Error Response

changedetection.io is a free open source web page change detection tool. Prior to version 0.54.4, there is a reflected cross-site scripting XSS vulnerability identified in the /rss/tag/ endpoint of changedetection.io. The taguuid path parameter is reflected directly in the HTTP response body...

Cross-Site Scripting in Wagtail

Impact When a form page type is made available to Wagtail editors through the wagtail.contrib.forms app, and the page template is built using Django's standard form rendering helpers such as form.asp as directed in the documentation, any HTML tags used within a form field's help text will be...