PT-2026-20376

The Video Share VOD – Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 2.7.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...

Oracle Linux 9 : php (ELSA-2026-2799)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-2799 advisory. - Fix Heap buffer overflow in arraymerge CVE-2025-14178 Tenable has extracted the preceding description block directly from the Oracle Linux security...

CVE-2025-14289 IBM webMethods Integration Server is vulnerable to HTML injection

IBM webMethods Integration Server 12.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...

IBM webMethods Integration Server 安全漏洞

IBM webMethods Integration Server is an application connector from International Business Machines IBM. An HTML injection vulnerability exists in IBM webMethods Integration Server version 12.0. An attacker could exploit this vulnerability to execute arbitrary Web script or HTML...

PortSwigger Web Security: HTML Injection in DAST Trial Request Form Confirmation Email – PortSwigger

A vulnerability was discovered in the DAST trial request form on the website, where user input in the "First Name" field was not properly sanitized before being included in confirmation emails. This allowed the injection of arbitrary HTML content, which would be rendered in the recipient's email...

[SECURITY] Fedora 42 Update: nginx-1.28.2-1.fc42

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

CVE-2026-26221

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service Hyland.Core.Workflow.NTService.exe. An attacker who can reach the service can send crafted .NET Remoting requests to default HTTP channel endpoints on TCP/8900 e.g., TimerServiceAPI.rem and...

CVE-2026-0693 Allow HTML in Category Descriptions <= 1.2.4 - Authenticated (Administrator+) Stored Cross-Site Scripting via Category Descriptions

The Allow HTML in Category Descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via category descriptions in all versions up to, and including, 1.2.4. This is due to the plugin unconditionally removing the wpksesdata output filter for termdescription, linkdescription,...

PT-2026-8226

CVE-2026-26250 - Apache HTTP Server Cross-Site Request Forgery CVE ID : CVE-2026-26250 Published : Feb. 13, 2026, 4:15 a.m. | 3 hours, 16 minutes ago Description : Rejected reason: Not used Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and...

Google Chrome < 144.0.7559.177 Vulnerability

The version of Google Chrome installed on the remote macOS host is prior to 144.0.7559.177. It is, therefore, affected by a vulnerability as referenced in the 202602extended-stable-updates-for-desktop13 advisory. - Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote...

CVE-2019-25323

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and...

CVE-2019-25324

RICOH Web Image Monitor 1.09 contains an HTML injection vulnerability in the address configuration CGI script that allows attackers to inject malicious HTML code. Attackers can exploit the entryNameIn and entryDisplayNameIn parameters to insert arbitrary HTML content, potentially enabling...

CVE-2019-25323 Heatmiser Netmonitor 3.03 - HTML Injection

Heatmiser Netmonitor v3.03 contains an HTML injection vulnerability in the outputSetup.htm page that allows attackers to inject malicious HTML code through the outputtitle parameter. Attackers can craft specially formatted POST requests to the outputtitle parameter to execute arbitrary HTML and...

CVE-2019-25323

Heatmiser Netmonitor v3.03 is affected by an HTML injection in the outputSetup.htm page via the outputtitle parameter. The vulnerability allows an attacker to craft POST requests to inject arbitrary HTML and potentially alter the web interface’s displayed content. The CVE description specifies a ...

CVE-2020-37178

A flaw was found in KeePass. Attackers can exploit a denial of service vulnerability in the help system's HTML handling by dragging and dropping malicious HTML files into the help area. This action can lead to application instability or a crash, resulting in a denial of service. Mitigation Users...

Heatmiser Netmonitor 跨站脚本漏洞

Heatmiser Netmonitor is a temperature control system controller developed by Heatmiser Corporation. Version 3.03 of Heatmiser Netmonitor contains a cross-site scripting vulnerability. This vulnerability stems from an HTML injection in the outputtitle parameter of the outputSetup.htm page, which m...

CVE-2020-37178 KeePass 2.44 - Denial of Service (PoC)

KeePass Password Safe versions before 2.44 contain a denial of service vulnerability in the help system's HTML handling. Attackers can trigger the vulnerability by dragging and dropping malicious HTML files into the help area, potentially causing application instability or crash...

CVE-2020-37178

KeePass Password Safe

CVE-2026-2317

Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...