7585 matches found
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2021-47839
A flaw was found in Marky. This persistent cross-site scripting XSS vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting XSS vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoint of the WeGIA application. The application does not sanitize...
CVE-2021-47839
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47837
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
CVE-2021-47840 Moeditor 0.2.0 - Persistent Cross-Site Scripting
Moeditor 0.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload specially crafted markdown files with embedded JavaScript that execute when opened, potentially enabling remote code execution on t...
CVE-2021-47838
CVE-2021-47838 affects Markright 1.0 with a persistent cross-site scripting vulnerability in markdown handling. Attackers can upload specially crafted markdown files that execute arbitrary JavaScript when opened, potentially enabling remote code execution on the victim’s system. The provided docu...
CVE-2021-47839
Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code executio...
CVE-2021-47834 Schlix CMS 2.2.6-6 - 'title' Persistent Cross-Site Scripting (Authenticated)
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
CVE-2021-47835
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...
CVE-2026-21624
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla...
CVE-2026-21624
Lack of input filterung leads to a persistent XSS vulnerability in the user avatar text handling of the Easy Discuss component for Joomla...
CVE-2026-21623 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...
CVE-2026-21623 Extension - stackideas.com - Persistent XSS in EasyDiscuss component 1.0.0-5.0.15 for Joomla
Lack of input filterung leads to a persistent XSS vulnerability in the forum post handling of the Easy Discuss component for Joomla...
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced...
PT-2026-3292
Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution...
PT-2026-3290
Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remot...
PT-2026-3289
Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000605)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000605 advisory. Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001542)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001542 advisory. The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too fa...