202158 matches found
CVE-2026-42447
CVE-2026-42447 affects jadx (Dex to Java decompiler). The HTML injection occurs in the Summary tab via SummaryNode.java, which unescapes and inserts path components from an APK’s .so file entries into HTML without escaping. A malicious APK with a crafted HTML URL-encoded ZIP entry name can render...
CVE-2026-47730
Twig: XSS in Twig\Profiler\Dumper\HtmlDumper allows attacker-controlled template/profile names to inject HTML in profiler output due to unescaped getTemplate()/getName() data. Affects Twig 3.0.0–3.26.0; fixed in 3.26.0 by escaping these values via htmlspecialchars(). No exploit details provided b...
CVE-2026-47732
Twig Sandbox: multiple __toString() policy bypasses via unguarded string coercion points existed prior to 3.26.0, enabling string coercion of Stringable operands through various constructs (conditional expressions, matches operator, loose comparisons, tests, template-loading tags, dynamic attribu...
CVE-2026-45070
This CVE concerns Symfony's Mime ParameterizedHeader: parameter names are emitted verbatim in serialized headers, allowing CRLF or non-token bytes to be injected via untrusted input. Affected component: Symfony\Component\Mime\Header\ParameterizedHeader (and related Headers). Root cause: names are...
WeGIA <= 3.6.4 - Remote Code Execution
WeGIA = 3.6.5 contains a remote code execution caused by improper validation of backup file names in the database restoration functionality, letting attackers with administrative access execute arbitrary OS commands id: CVE-2026-28409 info: name: WeGIA = 3.6.4 - Remote Code Execution author:...
Blinko <= 1.8.3 - User Information Leak
Blinko = 1.8.4 contains an information disclosure caused by a publicly accessible endpoint exposing user information including usernames, roles, and account creation dates, letting remote attackers access sensitive user data, exploit requires no special privileges. id: CVE-2026-23486 info: name:...
PraisonAI AgentOS - Information Disclosure
PraisonAI's AgentOS FastAPI application server exposes an unauthenticated GET /api/agents endpoint that lists every registered agent's name, role and the opening of its instructions system prompt. No authentication is enforced on the route, allowing a remote attacker to enumerate agent...
CVE-2026-58411
ChurchCRM (open-source church management system) Vulnerability: Prior to version 7.4.0, a Reflected XSS was identified due to insufficient output encoding of user-controlled request parameter names and values. The application reflects attacker-controlled input into JavaScript string contexts and ...
CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-61504 Rejetto HFS < 3.2.1 Stored XSS via File Names in Basic Web Listing
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name...
CVE-2026-57221
RabbitMQ vulnerability CVE-2026-57221 affects passive queue.declare and exchange.declare operations in AMQP 0-9-1. Prior to versions 3.13.15, 4.0.20, 4.1.11, and 4.2.6, authenticated users who can connect to a virtual host could enumerate queue and exchange names and read queue message and consum...
CVE-2026-59262
A flaw was found in AFFiNE. This vulnerability allows an authenticated workspace member to bypass document read permissions by supplying arbitrary document Globally Unique Identifiers GUIDs to the histories GraphQL field. This can lead to information disclosure, enabling attackers to retrieve ful...
CVE-2026-58225
SQL Injection vulnerability in elixir-ecto postgrex allows an attacker who can influence a LISTEN channel name to inject SQL into the reconnect replay query, causing a denial of service of the notification connection. Postgrex.Notifications sanitizes channel names with quotechannel/1, which doubl...
CVE-2026-58225
This CVE affects postgrex (specifically Postgrex.Notifications) used with elixir-ecto. The root cause is a SQL injection-like flaw in the reconnect replay: on (re)connect, handle_connect/1 concatenates LISTEN statements and wraps them in a dollar-quoted block (DO $$ ... $$). quote_channel/1 doubl...
EUVD-2026-42854
R-SOFT DMS is vulnerable to Stored XSS in file upload functionality. Authenticated attacker can inject arbitrary HTML and JS into the name of the file being uploaded, which will be executed when visiting file list or upload status by other users. This issue was fixed in version v3.19-2832 and...
CVE-2026-15291
The Chat Help – Click to Chat Button & Form plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.1.3 via the REST API endpoints /wp-json/chat-help/v1/leads and /wp-json/chat-help/v1/leads/id. This is due to the plugin not performing any...
CVE-2026-54760
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.1, the SQLChatAgent SQL-injection mitigation, with default allowdangerousoperations=False, combines a raw-text regex blocklist DANGEROUSSQLPATTERNS with a sqlglot SELECT-only statement allowlist...
PT-2026-57306
Name of the Vulnerable Software and Affected Versions RabbitMQ versions prior to 3.13.15 RabbitMQ versions prior to 4.0.20 RabbitMQ versions prior to 4.1.11 RabbitMQ versions prior to 4.2.6 Description RabbitMQ fails to perform authorization checks on passive queue.declare and exchange.declare AM...
CVE-2026-59856 Vim: Arbitrary Code Execution via PHP Omni-Completion
Vim is an open source, command line text editor. Prior to 9.2.0736, the PHP omni-completion script in runtime/autoload/phpcomplete.vim interpolates a class or trait name, taken from the contents of the edited buffer, into a search pattern that is run via winexecute without escaping. A name...
CVE-2026-49256
Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...