5 matches found
EUVD-2026-14173
The Comment Genius plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `$_SERVER['PHP_SELF']` parameter in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitra...
CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
A vulnerability in the hashFirst() function of the GoAhead embedded web server used in the software of Robustel R1510 VPN routers allows an attacker to cause a service failure.
A vulnerability in the hashFirst function of the GoAhead embedded web server used in the software of Robustel R1510 VPN routers stems from a lack of input sanitization. Exploiting this vulnerability could allow a malicious actor to trigger a service failure by sending a specially...
A vulnerability in the integrated software of NETGEAR routers, including models such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from a lack of input sanitization and allows attackers to execute arbitrary commands.
A vulnerability in the integrated software of NETGEAR routers, including models such as RBK752, RBR750, RBS750, RBK852, RBR850, and RBS850, stems from a lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
A vulnerability in the Tivoli Storage Manager FastBack data management program allows an attacker to execute arbitrary code.
A vulnerability in the Tivoli Storage Manager FastBack data management program stems from a lack of input sanitization. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...