8766 matches found
PT-2026-42228
Name of the Vulnerable Software and Affected Versions Drupal core versions 8.9.0 through 10.4.9 Drupal core versions 10.5.0 through 10.5.9 Drupal core versions 10.6.0 through 10.6.8 Drupal core versions 11.0.0 through 11.1.9 Drupal core versions 11.2.0 through 11.2.11 Drupal core versions 11.3.0...
CVE-2026-6367
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 11.3.0 before 11.3.7...
CVE-2026-8493
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting XSS. This issue affects Colorbox Inline: from 0.0.0 before 2.1.1...
CVE-2026-6871
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...
CVE-2026-6871 Obfuscate - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-033
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Obfuscate allows Cross-Site Scripting XSS. This issue affects Obfuscate: from 0.0.0 before 2.0.2...
CVE-2026-6365
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Drupal core allows Cross-Site Scripting XSS. This issue affects Drupal core: from 8.0.0 before 10.5.9, from 10.6.0 before 10.6.7, from 11.0.0 before 11.2.11, from 11.3.0 before 11.3.7...
CVE-2026-6095
The CVE-2026-6095 issue affects Orejime (0.0.0 to 2.0.15) and is a Cross-site Scripting (XSS) vulnerability caused by Improper Neutralization of Input During Web Page Generation, specifically the IframeConsent element writing HTML attributes without escaping. This can allow malicious input to inj...
org.apache.tomcat/tomcat-juli: tomcat: Apache Tomcat: console manipulation
An improper input neutralization flaw has been discovered in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages. If Tomcat was running in a console on a Windows operating system, and the console supported ANSI escape sequences, it was possible for an attacker to use a...
EUVD-2026-30855
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
PT-2026-41849
Improper Neutralization of Special Elements used in an Expression Language Statement 'Expression Language Injection' vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue...
PT-2026-41844
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue. Please note that in the updated version, "Data Resource" records with...
CVE-2026-8740
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...
CVE-2026-7498 Stored XSS in Basamak Informatics' DernekWeb
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored XSS. This issue affects DernekWeb: through 30122025...
CVE-2026-7498
CVE-2026-7498 describes a Stored XSS in DernekWeb (Basamak Information Technology Consulting and Organization Trade Ltd. Co.) caused by improper neutralization of input during web page generation. Affected: DernekWeb up to 30122025. CVSSv3.1: 8.8 (HIGH) with NETWORK attack, NO privileges, UI requ...
SUSE-SU-2026:1937-1 Security update for python3
This update for python3 fixes the following issue: - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF bsc1261969. - CVE-2026-3446: base64 decoding stops at first padded quad by default and ignores other information that could be processed bsc1261970. - CVE-2026-4786: URLs...
EUVD-2026-30782
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...
PT-2026-41708
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...
CVE-2026-29965
HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting XSS in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax...
CVE-2026-8759
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...
CVE-2026-8740 Sanluan PublicCMS templateResult API TemplateResultDirective.java execute special elements used in a template engine
A flaw has been found in Sanluan PublicCMS 5.202506.d. The impacted element is the function execute of the file publiccms-core/src/main/java/com/publiccms/views/directive/tools/TemplateResultDirective.java of the component templateResult API. This manipulation of the argument templateContent caus...