CVE-2026-4895

The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...

CVE-2026-1285

An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...

PT-2026-6035

Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The...

EUVD-2021-2315

Malware in sbrugna...

EUVD-2003-0598

Malware in sbrugna...

EUVD-2005-2543

Malware in sbrugna...

EUVD-2021-2126

Malware in sbrugna...

EUVD-2023-2267

Malicious code in bioql PyPI...

EUVD-2024-37174

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2021-41165

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all...

PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...

CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser

PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...

PhpSpreadsheet 代码问题漏洞

PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and prior to 5.0.0, which stems from a server-side request forgery during HTML document processing...

ROS-20250822-03

SafeHtml validator vulnerability in Hibernate Validator library is related to failure to take measures to protect web page structure when processing HTML content. web page structure when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A vulnerability was found in WebKitGTK. The flaw exists due to a logic issue when processing HTML content in WebKit. This flaw allows a remote attacker to create a specially crafted web page, trick the victim into visiting it, and prevent the Content Security Policy from being enforced, allowing...

webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution

A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system...

The vulnerability of the platform for monitoring, managing, and improving LLM applications lies in the insufficient protection of the website structure, allowing attackers to perform cross-site scripting attacks.

The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to insufficient protection of the web page structure when processing the dangerouslySetInnerHTML attribute. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...

ROS-2-594

2.594 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...

ROS-2-574

2.574 Vulnerability in Mozilla Thunderbird email client CVE-2021-29970, CVE-2021-30547, CVE-2021-29976, CVE-2021-29969. 1. Vulnerability Description: CVE-2021-29970 Vulnerability in Mozilla Thunderbird email client, related to HTML content processing error. Exploitation of the vulnerability could...