CVE-2026-30977

RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...

CVE-2026-22183

wpDiscuz before 7.6.47 contains a stored cross-site scripting vulnerability in the inline comment preview functionality that allows authenticated users to inject malicious scripts by submitting comments with unescaped content. Attackers with unfilteredhtml capabilities can inject JavaScript...

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...

CVE-2026-33749

n8n is vulnerable to XSS in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user who can create or modify workflows could craft a workflow that returns an HTML binary data object via /rest/binary-data without a filename and without Content-Disposition or Content-Security-Policy h...

EUVD-2026-15276

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...

CVE-2026-23323

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...

CVE-2026-23323 hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver

In the Linux kernel, the following vulnerability has been resolved: hwmon: macsmc Fix regressions in Apple Silicon SMC hwmon driver The recently added macsmc-hwmon driver contained several critical bugs in its sensor population logic and float conversion routines. Specifically: - The voltage sens...

SUSE CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

SUSE CVE-2026-31886

Dagu is a workflow engine with a built-in Web user interface. Prior to 2.2.4, the dagRunId request field accepted by the inline DAG execution endpoints is passed directly into filepath.Join to construct a temporary directory path without any format validation. Go's filepath.Join resolves...

GHSA-GMFG-3V4Q-9QR4 Authelia: Improper Neutralization of Input During Web Page Generation Leads to Potential Cross-site Scripting

Impact Official Weighted Severity Rating: Low This exploit is very unlikely to be the case for most users as it requires configuration of the Content Security Policy template value. Below represents a safe value, any other value other than unconfigured should be very carefully evaluated regardles...

PT-2026-27623

Name of the Vulnerable Software and Affected Versions Authelia versions 4.39.15 Description Authelia is an open-source authentication and authorization server. An attacker may potentially be able to inject javascript into the Authelia login page if specific conditions are met, including...

Cross-site Scripting (XSS)

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Tag Delete Confirmation. An attacker can execute arbitrary JavaScript in the application's context by injecting malicious HTML into the tag name, which is then...

GO-2026-4765 mo has a XSS via inline SVG script tags in Markdown rendering in github.com/k1LoW/mo

mo has a XSS via inline SVG script tags in Markdown rendering in github.com/k1LoW/mo...

USN-8118-1: sized-chunks vulnerabilities

Yechan Bae discovered that sized-chunks did not properly validate array size when constructing Chunk. An attacker could possibly use these issues to cause out-of-bounds access, leading to memory corruption or undefined behavior. CVE-2020-25791, CVE-2020-25792, CVE-2020-25793 Yechan Bae discovered...

EUVD-2026-13994

The fyyd podcast shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fyyd-podcast', 'fyyd-episode', and 'fyyd' shortcodes in all versions up to, and including, 0.3.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode...

btrfs: do not free data reservation in fallback from inline due to -ENOSPC

...

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

SUSE CVE-2025-71268

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from cowfilerangeinline without freeing the reserved qgroup data, resulting in a leak. Fi...