PT-2026-5202

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.44 Description A flaw exists in Drupal Tagify that allows for Cross-Site Scripting XSS. This issue is due to improper neutralization of input during web page generation. The vulnerability could potentially...

CVE-2026-24824

CVE-2026-24824 affects the YaCy yacy_search_server component, specifically the YaCyDefaultServlet.Java handlers under source/net/yacy/http/servlets. The issue is an improper neutralization of input during web page generation, i.e., an XSS vulnerability. CVSS metrics indicate a MEDIUM base score (...

EUVD-2026-4805

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

CVE-2026-24824 A XSS in yacy/yacy_search_server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

CVE-2026-24824

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in yacy yacysearchserver source/net/yacy/http/servlets modules. This vulnerability is associated with program files YaCyDefaultServlet.Java. This issue affects yacysearchserver...

SUSE CVE-2017-18892

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized...

CVE-2026-24623

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in saeros1984 Neoforum neoforum allows Reflected XSS.This issue affects Neoforum: from n/a through = 1.0...

CVE-2026-22582

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in Salesforce Marketing Cloud Engagement MicrositeUrl module allows Web Services Protocol Manipulation. This issue affects Marketing Cloud Engagement: before January 21st, 2026...

CVE-2025-52762

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in flexostudio flexo-posts-manager flexo-posts-manager allows Reflected XSS.This issue affects flexo-posts-manager: from n/a through = 1.0001...

CVE-2025-52746

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ayecode Restaurante restaurante allows Reflected XSS.This issue affects Restaurante: from n/a through = 3.0.7...

CVE-2025-50005

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tagDiv tagDiv Composer td-composer allows DOM-Based XSS.This issue affects tagDiv Composer: from n/a through = 5.4.2...

CVE-2025-67923

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetEngine jet-engine allows Reflected XSS.This issue affects JetEngine: from n/a through = 3.7.7...

CVE-2025-68017

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Antideo Antideo Email Validator antideo-email-validator allows Blind SQL Injection.This issue affects Antideo Email Validator: from n/a through = 1.0.10...

CVE-2025-68518

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ThemeGoods Hoteller hoteller allows Reflected XSS.This issue affects Hoteller: from n/a through 6.8.9...

CVE-2026-24355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Houzez Theme - Functionality houzez-theme-functionality allows Stored XSS.This issue affects Houzez Theme - Functionality: from n/a through = 4.2.6...

CVE-2026-24584

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration allows DOM-Based XSS.This issue affects Tutor LMS BunnyNet Integration: from n/a through = 1.0.0...

CVE-2026-24572

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio Content nelio-content allows Blind SQL Injection.This issue affects Nelio Content: from n/a through = 4.1.0...

CVE-2026-24550

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kaira Blockons blockons allows Stored XSS.This issue affects Blockons: from n/a through = 1.2.15...

CVE-2025-2204

Technical details about CVE-2025-2204 are not publicly available in the provided documents. Monitor for updates.

CVE-2025-2204

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tapandsign Technologies Software Inc. Tap&Sign allows Cross-Site Scripting XSS. This issue affects Tap&Sign: through 23012026. NOTE: The vendor was contacted early about this disclosure but...