6388 matches found
EUVD-2026-38040
Improper neutralization of input during web page generation (XSS) vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...
CVE-2026-12619
The CVE-2026-12619 entry concerns Microchip GridTime 3000 GNSS Time Server, where an improper neutralization during web page generation enables Cross-Site Scripting (XSS). A CSRF-to-XSS chain affects GridTime 3000 versions 1.0r0.03–1.1r0.0. Exploit maturity is listed as ATTACKED, indicating in-th...
EUVD-2026-38038
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting (XSS). This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...
CVE-2026-42487
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model via XEN_DOMCTL_ioport_mapping, and hence the linked list used may change at any time. Traversal of those lists while handling guest I/O port accesses therefore needs...
CVE-2026-54221
UBB.threads is affected by a Reflected XSS vulnerability (CVE-2026-54221). The issue is confirmed in version 7.7.5 and may affect other versions. The vulnerability allows an attacker to execute arbitrary JavaScript in a victim’s browser when the user clicks a crafted link, with user interaction r...
EUVD-2026-37870
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OceanWP Ocean Product Sharing allows Stored XSS. This issue affects Ocean Product Sharing: from n/a through 2.2.2...
EUVD-2026-37205
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in JavaScript code after the login URL and have it...
CVE-2026-12425 Reflected / DOM cross-site scripting (XSS) in PowerSchool ERP / Employee Access Center 23.10
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PowerSchool Employee Access Center allows Cross-Site Scripting (XSS). This issue affects Employee Access Center: 23.10. It is possible to add in JavaScript code after the login URL and have it...
EUVD-2026-36787
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header...
CVE-2026-50889
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header...
CVE-2026-50889
CVE-2026-50889 references an input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 that enables Denial of Service (DoS) when a crafted refresh-token header is sent. The connected sources consistently describe the same vulnerability in LLDAP 0.6.2’s refresh-token handling, but do n...
PT-2026-49330
Name of the Vulnerable Software and Affected Versions: LLDAP version 0.6.2. Description: An input handling flaw in the HTTP refresh token process allows attackers to cause a Denial of Service (DoS), which is a condition where a service becomes unavailable to its intended users, by sending a crafted...
EUVD-2026-36360
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WBW Plugins Product Filter by WBW allows Blind SQL Injection. This issue affects Product Filter by WBW: from n/a through 3.1.2...
CVE-2026-53911
CVE-2026-53911 affects Cerebrate up to version 1.36, where the id primary key could be supplied via request input during CRUD edits and patching flows for several entity types (User, Role, UserSetting, LocalTool, PermissionLimitation, EnumerationCollection). An authenticated attacker could includ...
PT-2026-48643
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.1 through 18.10.7; GitLab EE versions 18.11 through 18.11.4; GitLab EE versions 19.0 through 19.0.1. Description: Improper input sanitization in the Analytics Dashboard allows an authenticated user with developer-role...
PT-2026-48783
Name of the Vulnerable Software and Affected Versions: SliceWP versions prior to 1.2.7. Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting (XSS), a condition where malicious scripts are permanently stored on the target server and executed in...
PT-2026-48652
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.9 through 18.10.7; GitLab CE/EE versions 18.11 through 18.11.4; GitLab CE/EE versions 19.0 through 19.0.1. Description: Improper input handling of file names allows an authenticated user with developer-role permissions to...
GitLab 15.9 < 18.10.8 / 18.11 < 18.11.5 / 19.0 < 19.0.2 (CVE-2026-6976)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an...
CVE-2026-45500
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...