4 matches found
CVE-2026-24907 October CMS has Stored XSS via Event Log Mail Preview
October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting XSS vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...
EUVD-2025-50816
Incus vulnerable to local privilege escalation through custom storage volumes...
EUVD-2022-26457
Malicious code in bioql PyPI...
BookStack Injection Vulnerability
BookStack is an open source platform for building wiki documentation using PHP and Laravel from the BookStackApp Bookstackapp team. BookStack suffers from a security vulnerability that stems from the fact that in BookStack prior to version 0.30.5, users with edit page permissions could set up the...