CVE-2021-47783

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

EUVD-2026-3067

Malicious code in lusha-integrations-widgets npm...

PT-2026-3221

Name of the Vulnerable Software and Affected Versions lucy-xss-filter versions prior to commit e5826c0 Description The software contains a flaw where an attacker can execute malicious JavaScript. This is due to improper sanitization resulting from misconfigured default superset rule files...

PT-2026-3304

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4-dev2 Description SiYuan Note does not properly sanitize uploaded SVG files. This allows a user to upload a malicious SVG file, such as one obtained from an untrusted source, which can then execute arbitrary...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...

PT-2026-3296

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

PT-2026-3291

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access...

Cotonti Siena security vulnerabilities

Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...

PT-2026-3294

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

PT-2026-3297

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...

Lucy-XSS security vulnerability

Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...

RockyLinux 8 : firefox (RLSA-2026:0667)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

Microsoft Edge (Chromium) < 144.0.3719.82 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 144.0.3719.82. It is, therefore, affected by multiple vulnerabilities as referenced in the January 16, 2026 advisory. - Use after free in ANGLE. CVE-2026-0908 - Microsoft Edge Elevation Service exposes a privileged COM...

RockyLinux 9 : firefox (RLSA-2026:0694)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0694 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

PT-2026-3295

Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...