
6 matches found

CVE
added 2026/05/12 10:58 p.m. | 7 views

CVE-2026-42157

CVE-2026-42157 concerns Flowsint, an open-source OSINT graph exploration tool. Affected behavior: prior to version 1.2.3, an attacker could create a map node with a malicious HTML label; when the map tab is active and a node marker is selected, the HTML could render and trigger stored XSS. Impact...

5.1 CVSS | 6 AI score | 0.00183 EPSS
Exploits 0 | References 1

OSV
added 2026/01/21 9:38 p.m. | 2 views

CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits 0 | References 4

EUVD
added 2026/01/21 9:38 p.m. | 2 views

EUVD-2026-3774

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits 0 | References 2

Vulnrichment
added 2026/01/21 9:38 p.m. | 2 views

CVE-2026-23516 CVAT vulnerable to XSS via skeleton SVG images

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.2.0 through 2.54.0, an attacker is able to execute arbitrary JavaScript in a victim user's CVAT UI session, provided that they are able to create a maliciously crafted label in a CVAT task or...

8.6 CVSS | 5.9 AI score | 0.00052 EPSS
Exploits 0 | References 2

NVD
added 2023/03/27 9:15 p.m. | 12 views

CVE-2023-28629

GoCD is an open source continuous delivery server. GoCD versions before 23.1.0 are vulnerable to a stored XSS vulnerability, where pipeline configuration with a malicious pipeline label configuration can affect browser display of pipeline runs generated from that configuration. An attacker that h...

5.4 CVSS | 5.2 AI score | 0.00516 EPSS
Exploits 0 | References 6

Snyk
added 2023/01/27 12:30 a.m. | 1 views

Improper Neutralization of Equivalent Special Elements

Overview Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements due to a possible HTML injection via deleting an account's API key that has a payload as its label. Remediation Upgrade BTCPayServer.Client to version 1.7.5 or higher. References -...

8.8 CVSS | 7.2 AI score | 0.0999 EPSS
Exploits 4 | References 2