PT-2026-46874

SVG files are in the allowed extensions whitelist and can be uploaded by any admin user via the media manager. There is zero SVG content sanitization anywhere in the upload pipeline. A malicious SVG with JavaScript onload, , executes in the context of the Shopware domain when accessed. The Proble...

RockyLinux 10 : .NET 8.0 (RLSA-2026:21286)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21286 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET: infini...

CVE-2025-65640

The CVE-2025-65640 issue affects Arket Globe Document Intelligence 5.0.0.559 (Task in Progress / Recent page). It is a Cross Site Scripting (XSS) vulnerability caused by improper sanitization/escaping of user input in text fields when creating a new document, allowing injected JavaScript to run i...

RockyLinux 10 : firefox (RLSA-2026:21380)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:21380 advisory. firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component CVE-2026-8388 firefox: Other issue in the JavaScript Engine component...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS : Template-Toolkit vulnerability (USN-8377-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 / 26.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8377-1 advisory. It was discovered that Template-Toolkit did not properly escape single quotes in the htmlfilter function of Template::Plugin::HTML...

PT-2026-46847

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

PT-2026-46888

Description This report describes an open redirect in Shopware's public SSO entry point at GET /api/oauth/sso/auth. When the endpoint is reached without the expected SSO session state, the application falls back to the request's Referer header and uses that value as the redirect destination. In t...

PT-2026-46849

Stored XSS via Hostile YouTube Video Title in AVideo YouTubeAPI Gallery Section Summary A stored Cross-Site Scripting vulnerability CWE-79; chained CWE-829, Inclusion of Functionality from Untrusted Control Sphere in the AVideo YouTubeAPI plugin renders the snippet.title field returned by the...

PT-2026-46201

Name of the Vulnerable Software and Affected Versions Zuz Music version 2.1 Description A persistent cross-site scripting issue allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. The injection occurs via the name, subject, and message paramete...

MiracleLinux 8 : dotnet8.0-8.0.127-1.el8_10.ML.1 (AXSA:2026-756:09)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-756:09 advisory. serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization CVE-2026-34043 dotnet: .NET:...

GHSA-PJ2V-GGQH-CMQ2 Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

EUVD-2026-34158

An authenticated ERPNext user with Item record edit permissions can persist arbitrary HTML/JavaScript in the itemname, description, or image fields of an Item and trigger unescaped rendering in the Point of Sale POS cart interface for every operator who adds that item to a transaction.This issue...

CVE-2026-42839

CVE-2026-42839 describes a stored XSS in ERPNext 16.16.0. An authenticated user with Item record edit permissions can persist arbitrary HTML/JavaScript in item_name, description, or image fields, causing unescaped rendering in the POS cart interface for every operator adding that item to a transa...

EUVD-2026-34157

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

CVE-2026-42840

An authenticated user can persist arbitrary HTML/JavaScript in the emailid or mobileno fields of a Customer record and trigger unescaped rendering in the Point of Sale POS interface for every operator who selects that customer. This issue affects ERPNext: 16.16.0...

ParamStriker

ParamStriker Offline JSON & Query Parameter Exploit Frame...

USN-8377-1 libtemplate-perl vulnerability

It was discovered that Template-Toolkit did not properly escape single quotes in the htmlfilter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output...

USN-8377-1: Template-Toolkit vulnerability

It was discovered that Template-Toolkit did not properly escape single quotes in the htmlfilter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output...