754 matches found
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000856)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000856 advisory. The tcprcvstateprocess function in net/ipv4/tcpinput.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service kernel resource...
Softlink Oliver Library Server security vulnerability
Softlink Oliver Library Server is a library management system developed by the Australian company Softlink. Version 5 of Softlink Oliver Library Server contains a security vulnerability. This vulnerability stems from uncleaned inputs in the FileServlet endpoint, which may lead to the download of...
EUVD-2026-2450
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting XSS vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...
PT-2026-2926
Name of the Vulnerable Software and Affected Versions html2pdf.js versions prior to 0.14.0 Description html2pdf.js converts webpages or elements into printable PDFs client-side. When provided with a text source instead of an element, versions prior to 0.14.0 do not sufficiently sanitize the text...
CVE-2023-25367
Siglent SDS 1104X-E SDS1xx4X-EV6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution RCE with SCPI interface or web server...
CVE-2020-12815
An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields...
CVE-2024-34766
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through 1.3...
CVE-2024-41116
streamlit-geospatial is a streamlit multipage app for geospatial applications. Prior to commit c4f81d9616d40c60584e36abb15300853a66e489, the visparams variable on line 1254 in pages/1📷Timelapse.py takes user input, which is later used in the eval function on line 1345, leading to remote code...
CVE-2024-39631
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery contest-gallery.This issue affects Contest Gallery: from n/a through = 23.1.2...
USN-7946-2 gnupg vulnerability
USN-7946-1 fixed vulnerabilities in GnuPG 2.x. This update provides the corresponding updates for GnuPG 1.x. Original advisory details: It was discovered that GnuPG incorrectly handled crafted input. A remote attacker could possibly use this issue to crash the program, or execute arbitrary code...
EUVD-2025-206232
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. In Coolify versions up to and including v4.0.0-beta.434, a command injection vulnerability exists in the git source input fields of a resource, allowing a low privileged user member to execute syst...
EUVD-2026-0823
badkeys vulnerable to ASCII control character injection on console via malformed input...
CVE-2025-62746
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeFlavors Featured Video for WordPress - VideographyWP videographywp allows Stored XSS.This issue affects Featured Video for WordPress - VideographyWP: from n/a through = 1.0.18...
CVE-2025-68607
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through = 2.7.7...
GHSA-898P-HH3P-HF9R Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text
Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...
CVE-2023-53978 myBB Forums 1.8.26 Stored Cross-Site Scripting via Forum Announcements
myBB Forums 1.8.26 contains a stored cross-site scripting vulnerability in the forum announcement system that allows authenticated administrators to inject malicious scripts when creating announcements. Attackers can exploit this vulnerability by inserting script payloads in the announcement titl...
CVE-2025-63042 WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS Elementor Addons tutor-lms-elementor-addons allows Stored XSS.This issue affects Tutor LMS Elementor Addons: from n/a through = 3.0.1...
PT-2025-49921
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in FirePlugins FireBox firebox allows Stored XSS.This issue affects FireBox: from n/a through = 3.1.0-free...
Arbitrary Command Injection
Overview mcp-server-kubernetes is a MCP server for interacting with Kubernetes clusters via kubectl Affected versions of this package are vulnerable to Arbitrary Command Injection via the execinpod tool. An attacker can execute arbitrary commands within Kubernetes pods by supplying crafted input...
Security Bulletin: IBM Automation Decision Services for October 2025 - Multiple CVEs addressed
Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-46653...