CVE-2026-1643

The CVE-2026-1643 entry concerns the MP-Ukagaka WordPress plugin with Reflected Cross-Site Scripting vulnerabilities in all versions up to 1.5.2, caused by insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary scripts into pages that are ex...

Arbitrary Code Execution

Orval is vulnerable to Arbitrary Code Execution. The vulnerability is due to incomplete sanitization of untrusted input during code generation, where insufficient escaping in jsStringEscape allows attackers to inject executable JavaScript using only non-alphanumeric characters via JSFuck...