CVE-2026-6973

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...

CVE-2026-5784

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Stored XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

EUVD-2026-28338

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

EUVD-2025-209712

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

CVE-2025-62127

The CVE-2025-62127 entry describes a DOM-based Cross-Site Scripting (XSS) vulnerability in WordPress plugin WEN Logo Slider (WEN Themes) affecting versions up to 3.4.0. The underlying issue is improper input neutralization during web page generation, enabling XSS within the plugin’s rendering pip...

CVE-2026-27421

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

GHSA-585V-HCGF-JHFR Free5GC UDM has Improper Input Validation and Generation of Error Messages Containing Sensitive Information

Summary The free5GC UDM component fails to validate the supi path parameter in six GET handlers of the nudm-sdm Subscriber Data Management service. An unauthenticated attacker can inject control characters into the SUPI parameter, causing UDM to forward a malformed request to UDR and return a 500...

Microsoft Azure Machine Learning 跨站脚本漏洞

Microsoft Azure Machine Learning is a machine learning service provided by Microsoft Corporation in the United States. Microsoft Azure Machine Learning has a cross-site scripting vulnerability, which stems from improper input during the web page generation process. This vulnerability could allow...

DivvyDrive 跨站脚本漏洞

DivvyDrive is a file storage and sharing management platform developed by DivvyDrive Inc. in Turkey. Versions of DivvyDrive from 4.8.2.9 to 4.8.3.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, which could lead to...

VulnCheck KEV: CVE-2026-6973

An Improper Input Validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remotely authenticated user with administrative access to achieve remote code execution...

Proticaret E-Commerce 跨站脚本漏洞

Proticaret E-Commerce is an online store and e-commerce management platform owned by Proticaret Company in Turkey. Versions of Proticaret E-Commerce from 5.0.0 to 6.0.1767.1383 had a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, whi...

PT-2026-38576

Name of the Vulnerable Software and Affected Versions Azure Machine Learning affected versions not specified Description Improper neutralization of input during web page generation in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. This issue is a form o...

PT-2026-38358

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WProyal Royal Elementor Addons allows Stored XSS. This issue affects Royal Elementor Addons: from n/a before 1.7.1053...

PT-2026-38436

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bricks Builder allows Reflected XSS. This issue affects Bricks Builder: from n/a through 1.9.2 to 2.2...

Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability

Ivanti Endpoint Manager Mobile EPMM contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution...

Microsoft Azure Cloud Shell 命令注入漏洞

Microsoft Azure Cloud Shell is a browser-based cloud command-line environment developed by Microsoft Corporation. There is a command injection vulnerability in Microsoft Azure Cloud Shell, which stems from improper neutralization of special elements in commands. This vulnerability could allow...

PT-2026-38421

Name of the Vulnerable Software and Affected Versions Proticaret E-Commerce versions 5.0.0 through 6.0.1767.1382 Description Improper neutralization of input during web page generation allows for Reflected Cross-Site Scripting XSS, a flaw where an application includes untrusted data in a web page...

PT-2026-38580

Name of the Vulnerable Software and Affected Versions Azure Managed Instance for Apache Cassandra affected versions not specified Description Improper input validation allows an authorized attacker to execute code over a network. Recommendations At the moment, there is no information about a newe...

CVE-2026-42509 Apache Wicket: crafted strings can break out of the JavaScript sequence

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, 9.0.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue...