936 matches found
PT-2026-24958
Name of the Vulnerable Software and Affected Versions Canonical LXD versions 4.12 through 6.6 Description An improper sanitization of the compression algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API cal...
CVE-2026-31877
Frappe (full-stack web framework) contains a SQL injection vulnerability prior to versions 15.84.0 and 14.99.0, exploitable via a specially crafted request to a certain endpoint. The issue can lead to information disclosure with high impact to confidentiality and integrity. The vulnerability is f...
CVE-2026-31877 Frappe SQL Injection due to improper field sanitization
Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...
CVE-2026-31877 Frappe SQL Injection due to improper field sanitization
Frappe is a full-stack web application framework. Prior to 15.84.0 and 14.99.0, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. This vulnerability is fixed in 15.84.0 and 14.99.0...
CVE-2026-1090
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the markdownplaceholders feature flag was enabled, to inject JavaScript in a browser due to improper...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...
SQLi-Exfiltration-Lab
SQL Injection SQLi - Database Exfiltration Lab Overview...
Remote Code Execution (RCE)
craftcms/cms is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper sanitization of user-supplied configuration data in the assembleLayoutFromPost function before passing it to Craft::createObject, which allows an authenticated administrator to inject malicious Yii2...
WordPress plugin Smartsupp – live chat, AI shopping assistant and chatbots 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
BIT-MOODLE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
CVE-2025-67849
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
CVE-2025-67849 Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses
A flaw was found in Moodle. This cross-site scripting XSS vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface...
CVE-2025-67849
CVE-2025-67849 affects Moodle with an XSS flaw caused by improper sanitization of AI prompt responses. The vulnerability allows injecting malicious HTML/script into pages viewed by other users, potentially stealing sessions or manipulating the UI. Connected sources (Nessus/NASL, CVE records, OSV/...
Kodmatic Online Exam and Assessment SQL Injection Vulnerability
Kodmatic Online Exam and Assessment is an online examination software developed by Kodmatic Corporation. Versions of Kodmatic Online Exam and Assessment prior to 30012026 contained a SQL injection vulnerability. This vulnerability stemmed from improper neutralization of special elements in SQL...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
GHSA-RPC5-PM7Q-HJMP billboard.js is vulnerable to XSS during chart option binding
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
Cross-site Scripting (XSS)
Overview org.webjars.npm:billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by...
Cross-site Scripting (XSS)
Overview billboard.js is a Re-usable easy interface JavaScript chart library, based on D3 v4+ Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper sanitization in the chart option binding. An attacker can execute arbitrary JavaScript code by supplying crafted...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...
CVE-2026-1513
billboard.js before 3.18.0 allows an attacker to execute malicious JavaScript due to improper sanitization during chart option binding...