CVE-2026-11220

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: Low...

CVE-2026-42681

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in E2Pdf.Com e2pdf allows Reflected XSS. This issue affects e2pdf: from n/a through 1.32.14...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: Revised handling of scratch memory for READPLUS again I discovered that the read code might send multiple requests using the same nfspgioheader. However, the nfs4procreadsetup function is only called once. As a result, w...

CVE-2026-30812

Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800...

CVE-2026-39541

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Themefic Hydra Booking hydra-booking allows Stored XSS.This issue affects Hydra Booking: from n/a through = 1.1.38...

CVE-2026-25353

CVE-2026-25353 is a Reflected XSS vulnerability in the Nooni WordPress theme (Nooni). The issue is described as improper neutralization of input during web page generation and is reported as affecting Nooni versions from n/a up to (but not including) 1.5.1. The connected Wordfence document confir...

CVE-2024-31119

Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Vasilis Triantafyllou Special Box for Content allows DOM-Based XSS.This issue affects Special Box for Content: from n/a through 1...

PT-2026-26270

CVE-2025-62043 Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: f… https://t.co/jx1gWujkMb...

CVE-2026-28113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...

CVE-2026-28113

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in azzaroco Ultimate Learning Pro indeed-learning-pro allows Reflected XSS.This issue affects Ultimate Learning Pro: from n/a through = 3.9.1...

CVE-2026-28112

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup AllInOne - Banner Rotator all-in-one-bannerRotator allows Reflected XSS.This issue affects AllInOne - Banner Rotator: from n/a through = 3.8...

PT-2026-20699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Melapress WP Activity Log wp-security-audit-log allows DOM-Based XSS.This issue affects WP Activity Log: from n/a through = 5.5.4...

WordPress plugin Cart All In One For WooCommerce 注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension that can ...

SUSE-SU-2026:0439-1 Security update for apptainer

This update for apptainer fixes the following issues: Security fixes: - CVE-2024-45310: Fixed runc being tricked into creating empty files/directories on host bsc1257432 - CVE-2025-65105: Fixed security bypass due to disabling security options bsc1255462 - CVE-2025-47914: Fixed malformed constrai...

CVE-2026-24476 Shaarli vulnerable to stored XSS via Suggested Tags

Shaarli is a personal bookmarking service. Prior to version 0.16.0, crafting a malicious tag which starting with " prematurely ends the tag on the start page and allows an attacker to add arbitrary html leading to a possible XSS attack. Version 0.16.0 fixes the issue...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2025-27005

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup HTML5 Video Player lbg-vp2-html5-bottom allows Reflected XSS.This issue affects HTML5 Video Player: from n/a through = 5.3.5...

CVE-2025-68859

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in agmorpheus Syntax Highlighter Compress syntax-highlighter-compress allows Reflected XSS.This issue affects Syntax Highlighter Compress: from n/a through = 3.0.83.3...

CVE-2025-62077

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SEOSEON EUROPE S.L Affiliate Link Tracker affiliate-link-tracker allows Stored XSS.This issue affects Affiliate Link Tracker: from n/a through = 0.2...

CVE-2026-24383

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins B Slider b-slider allows DOM-Based XSS.This issue affects B Slider: from n/a through = 2.0.6...