4 matches found

Cvelist
added 2026/04/02 5:37 p.m. · 23 views

CVE-2026-34598 YesWiki has Persistant Blind XSS at "/?BazaR&vue=consulter"

YesWiki is a wiki system written in PHP. Prior to version 4.6.0, a stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected...

CVSS 7.1 · EPSS 0.00213
Exploits: 1 · References: 2
OSV
added 2025/08/14 1:15 p.m. · 3 views

AZL-66426 CVE-2025-8961 affecting package libtiff for versions less than 4.6.0-11

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited...

CVSS 4.8 · AI score 5.8 · EPSS 0.00186
Exploits: 1 · References: 1
OSV
added 2023/11/24 7:15 p.m. · 3 views

AZL-34953 CVE-2023-6277 affecting package libtiff for versions less than 4.6.0-3

An out-of-memory flaw was found in libtiff. Passing a crafted tiff file to TIFFOpen API may allow a remote attacker to cause a denial of service via a craft input with size smaller than 379 KB...

CVSS 6.5 · AI score 7 · EPSS 0.01825
Exploits: 1 · References: 1
Positive Technologies
added 2021/02/03 12:0 a.m. · 3 views

PT-2021-12850 · Squaredup · Squaredup

Name of the Vulnerable Software and Affected Versions: SquaredUp versions prior to 4.6.0
Description: The issue allows for Stored XSS attacks. A user can create a dashboard that executes malicious content in an iframe or by uploading an SVG that contains a script.
Recommendations: For versions...

CVSS 5.4 · AI score 5.1 · EPSS 0.00873
Exploits: 0 · References: 7