3 matches found
CVE-2026-31860 Unhead has an XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
Masa CMS cross-site scripting vulnerability
Masa CMS is a digital experience platform. A cross-site scripting vulnerability exists in Masa CMS versions 7.2.8 and earlier, 7.3.1 through 7.3.13, 7.4.0-alpha.1 through 7.4.8, and 7.5.0 through 7.5.1, which stems from an ajax URL query parameter that is not sanitized and is included directly in t...
B2BBuilder recent vulnerability - vulnerability warning - the black bar safety net
1, The B2BBuilder head injection background arbitrary code execution The structure of the head test: 1 x-forwarded-for:' andselect 1 fromselect count,concatselect select select concat0x7e,0x27,password,user,0x27,0x7e from b2bbuilderadmin limit 0,1 from informationschema. tables limit...