6094 matches found
CVE-2026-43939
Summary: CVE-2026-43939 affects YetAnotherForum.NET (YAF.NET) prior to 4.0.5 and 3.2.12, where thread posting/reply content is stored and later rendered without proper HTML sanitization or contextual encoding, enabling Stored XSS across the forum. The underlying issue is unsanitized user input in...
CVE-2026-43939 YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
YetAnotherForum.NET (YAF.NET) is a C# ASP.NET forum. Prior to 4.0.5 and 3.2.12, the thread posting and reply feature accepts user-supplied content via a post or reply that is stored server-side and later rendered back into the thread page without adequate HTML sanitization or contextual output...
CVE-2026-45214
creationtimestamp| type| source
---|---|---
2026-05-12 11:59:04+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqfigyfr2n
2026-05-12 11:59:41+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqgkuz7s2g...
CVE-2026-45213
creationtimestamp| type| source
---|---|---
2026-05-12 11:58:57+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqfbe3r62t
2026-05-12 11:59:33+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqgdglbg2t...
CVE-2026-45211
creationtimestamp| type| source
---|---|---
2026-05-12 11:58:50+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqf2q7ij2w
2026-05-12 11:59:25+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnqg3vdmc2g...
CVE-2026-25787
creationtimestamp| type| source
---|---|---
2026-05-12 11:11:01+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnnpkhaew2g
2026-05-12 11:29:49+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlnor6rqcr2n
2026-05-13 13:51:56+00:00| seen|...
CVE-2026-44411
creationtimestamp| type| source
---|---|---
2026-05-12 10:59:35+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnn2om35t2z
2026-05-12 11:35:33+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mlnp3h7qgn2v
2026-05-14 10:00:00+00:00| seen|...
CVE-2026-8159
creationtimestamp| type| source
---|---|---
2026-05-12 08:41:22+00:00| seen| https://bsky.app/profile/ulisesgascon.com/post/3mlnfdvwb3c27
2026-05-12 10:39:13+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlnlwokxtb2g
2026-05-12 11:27:19+00:00| seen|...
CVE-2026-42864
creationtimestamp| type| source
---|---|---
2026-05-11 20:02:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z
2026-05-11 20:02:15+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mlm2wl32sv2z
2026-05-11 20:35:42+00:00| seen|...
CVE-2026-45186
creationtimestamp| type| source
---|---|---
2026-05-11 19:56:19+00:00| seen| https://bsky.app/profile/news.karthihegde.dev/post/3mlm2lx2ofq23
2026-05-11 19:56:19+00:00| seen| https://bsky.app/profile/news.karthihegde.dev/post/3mlm2lx2ofq23
2026-05-11 20:00:05+00:00| seen|...
CVE-2026-5172
creationtimestamp| type| source
---|---|---
2026-05-11 18:58:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllxds6f4v2c
2026-05-11 18:58:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllxds6f4v2c
2026-05-13 12:31:36+00:00| seen|...
CVE-2026-4892
creationtimestamp| type| source
---|---|---
2026-05-11 18:51:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllwxdg4m32k
2026-05-11 18:51:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mllwxdg4m32k
2026-05-12 09:24:59+00:00| seen|...
CVE-2026-41431
creationtimestamp| type| source
---|---|---
2026-05-11 18:24:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvi2f77q2g
2026-05-11 18:24:40+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvi2f77q2g
2026-05-11 18:25:04+00:00| seen|...
CVE-2026-45004
creationtimestamp| type| source
---|---|---
2026-05-11 18:22:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdh5omh2t
2026-05-11 18:22:05+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mllvdh5omh2t
2026-05-11 19:10:55+00:00| seen|...
EUVD-2026-29165
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
CVE-2026-42857 Open edX Platform: Stored CSS Injection in Email Notifications via Incomplete HTML Sanitization
Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with Django's |safe template filter in...
CVE-2026-25244
creationtimestamp| type| source
---|---|---
2026-05-11 14:43:50+00:00| published-proof-of-concept| https://github.com/webdriverio/webdriverio/security/advisories/GHSA-5c46-x3qw-q7j7
2026-05-19 22:07:08+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mmafn7z22w2u
2026-05-20 14:50:44+00:0...
CVE-2026-44247
creationtimestamp| type| source
---|---|---
2026-05-11 11:41:05+00:00| seen| https://bsky.app/profile/mfahlandt.bsky.social/post/3mll6web5322b
2026-05-11 12:14:27+00:00| seen| https://bsky.app/profile/mfahlandt.bsky.social/post/3mllas3m6ox2b
2026-05-11 12:30:15+00:00| seen|...
EUVD-2022-55971
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
EUVD-2022-55986
uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the posts/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET requests...