PT-2026-3291

Markdown Explorer 0.1.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious code through file uploads and editor inputs. Attackers can upload markdown files with embedded JavaScript payloads to execute remote commands and potentially gain system access...

PT-2026-3304

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4-dev2 Description SiYuan Note does not properly sanitize uploaded SVG files. This allows a user to upload a malicious SVG file, such as one obtained from an untrusted source, which can then execute arbitrary...

PT-2026-3296

SnipCommand 0.1.0 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into command snippets. Attackers can execute arbitrary code by embedding malicious JavaScript that triggers remote command execution through file or title inputs...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from an improper implementation in V8, which can be exploited by an attacker to bypass security restrictions...

Crawl4AI Has Local File Inclusion in Docker API via file:// URLs

A local file inclusion vulnerability exists in the Crawl4AI Docker API. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing attackers to read arbitrary files from the server filesystem. Attack Vector: json POST /executejs "url": "file:///etc/passwd", "scripts":...

Lucy-XSS security vulnerability

Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...

PT-2026-3297

StudyMD 0.3.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code...

PT-2026-3294

Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...

CVE-2021-47779

Dolibarr ERP-CRM 14.0.2 contains a stored cross-site scripting vulnerability in the ticket creation module that allows low-privilege users to inject malicious scripts. Attackers can craft a specially designed ticket message with embedded JavaScript that triggers when an administrator copies the...

Cotonti Siena security vulnerabilities

Cotonti Siena is a powerful open-source web development framework and content manager developed by Cotonti. Version 0.9.19 of Cotonti Siena contains a security vulnerability. This vulnerability stems from the site title parameters in the administrator configuration panel, which contain stored...

RockyLinux 9 : firefox (RLSA-2026:0694)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0694 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

RockyLinux 8 : firefox (RLSA-2026:0667)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:0667 advisory. firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox:...

Microsoft Edge (Chromium) < 144.0.3719.82 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 144.0.3719.82. It is, therefore, affected by multiple vulnerabilities as referenced in the January 16, 2026 advisory. - Use after free in ANGLE. CVE-2026-0908 - Microsoft Edge Elevation Service exposes a privileged COM...

CVE-2021-47808

Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page...

CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

CVE-2021-47783 Phpwcms 1.9.30 - Arbitrary File Upload

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

CVE-2021-47783

Phpwcms 1.9.30 contains a file upload vulnerability that allows authenticated attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload crafted SVG payloads through the multiple file upload feature to potentially execute cross-site scripting attacks on the platform...

CVE-2026-1011

A stored cross-site scripting XSS vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

Node.js: HashDoS in V8

Vulnerability description not provided...