Lucene search

32 matches found

NVD
added 2026/05/15 9:16 a.m. · 6 views

CVE-2026-6415

The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the updatepreview JavaScript function. Th...

6.4 CVSS · 0.0004 EPSS
Exploits: 0 · References: 6

CVE
added 2026/04/05 11:15 a.m. · 2 views

CVE-2026-5563

CVE-2026-5563 affects AutohomeCorp frostmourne up to 1.0. The flaw is in the Alarm Preview component, specifically the function httpTest in /api/monitor-api/alarm/previewData, leading to a SQL injection. Exploitation is remote over the network and the exploit is publicly released. CVSS metrics i...

6.5 CVSS · 6.4 AI score · 0.00011 EPSS
Exploits: 0 · References: 4

Positive Technologies
added 2026/03/11 12:00 a.m. · 3 views

PT-2026-24547

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.7. This is due to missing or incorrect nonce validation on the reload preview function. This makes it possible for...

6.1 CVSS · 5.6 AI score · 0.00017 EPSS
Exploits: 0 · References: 3

OSV
added 2025/12/29 5:15 a.m. · 2 views

CVE-2025-15172

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...

5.4 CVSS · 5.6 AI score
Exploits: 0 · References: 5

Cvelist
added 2025/12/29 4:32 a.m. · 27 views

CVE-2025-15172 SohuTV CacheCloud RedisConfigTemplateController.java preview cross site scripting

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit ha...

5.1 CVSS · 0.00019 EPSS
Exploits: 1 · References: 5

Positive Technologies
added 2025/12/29 12:00 a.m. · 2 views

PT-2025-53690

Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions up to 3.2.0 Description: A security flaw exists in SohuTV CacheCloud that allows for cross site scripting. This issue impacts the preview function within the file...

5.4 CVSS · 5.1 AI score · 0.00019 EPSS
Exploits: 1 · References: 10

EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-20169

Malicious code in bioql PyPI...

3.3 CVSS · 6.6 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

EUVD
added 2025/10/03 8:07 p.m. · 4 views

EUVD-2025-19201

Malicious code in bioql PyPI...

7.6 CVSS · 6.3 AI score · 0.00105 EPSS
Exploits: 1 · References: 5

CNVD
added 2025/07/11 12:00 a.m. · 1 views

Unspecified Vulnerability in Huawei HarmonyOS (CNVD-2025-15512)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...

5.3 CVSS · 7.5 AI score · 0.00166 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/07/11 12:00 a.m. · 2 views

Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-15511)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...

4 CVSS · 7.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

CNVD
added 2025/07/11 12:00 a.m. · 2 views

Unspecified Vulnerability in Huawei HarmonyOS (CNVD-2025-15507)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS versions 5.0.1 and 5.1.0, which stems from a stack overflow risk when parsing vector images, and can be...

4 CVSS · 7.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/05 12:00 a.m. · 2 views

PT-2025-28105 · Huawei +1 · Harmonyos

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a risk of stack overflow when vector images are parsed during file preview. Successful exploitation of this vulnerability may affect the file preview function...

4 CVSS · 6.5 AI score · 0.00043 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/06/26 12:00 a.m. · 1 views

PT-2025-26978

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.7 Description: The Markdown preview function of File Browser is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the...

7.6 CVSS · 5.8 AI score · 0.00105 EPSS
Exploits: 1 · References: 13

RedhatCVE
added 2025/05/23 10:48 a.m. · 8 views

CVE-2024-43412

Xibo is an open source digital signage platform with a web content management system (CMS). Prior to version 4.1.0, a cross-site scripting vulnerability in Xibo CMS allows authorized users to execute arbitrary JavaScript via the file preview function. Users can upload HTML/CSS/JS files into the Xib...

5.4 CVSS · 6.6 AI score · 0.00832 EPSS
Exploits: 0

RedhatCVE
added 2025/05/23 9:50 a.m. · 5 views

CVE-2024-7658

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. This issue affects the function getpreview of the file process.php. The manipulation leads to improper control of resource identifiers. The attack may be initiated remotely. Upgrading to version r1720...

6.9 CVSS · 7 AI score · 0.00247 EPSS
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 4:54 a.m. · 3 views

CVE-2023-2247

In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function...

5.3 CVSS · 5.7 AI score · 0.00237 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/07 4:15 p.m. · 1 views

CVE-2024-57249

Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Cookie header, in the request. This bypasses...

6.5 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits: 3 · References: 2

CVE
added 2024/05/24 1:33 p.m. · 63 views

CVE-2024-35595

CVE-2024-35595 affects Xintongda OA v2023.12.30.1 with an arbitrary file upload flaw in the File Preview function. The root cause is an upload handling weakness that can let an attacker craft a PDF to execute arbitrary code on the host. The connected PT-2024-26566 entry corroborates the affected ...

6.1 CVSS · 8.1 AI score · 0.00232 EPSS
Exploits: 0 · References: 2

CNNVD
added 2024/05/24 12:00 a.m. · 3 views

TONGDA Office Anywhere security vulnerability

TONGDA Office Anywhere is a collaborative office OA system. A security vulnerability exists in TONGDA Office Anywhere v2023.12.30.1, which originates from an arbitrary file upload vulnerability in the file preview function, which can be exploited by an attacker to execute arbitrary code by...

6.1 CVSS · 7.7 AI score · 0.00232 EPSS
Exploits: 0 · References: 4

CNVD
added 2024/02/22 12:00 a.m. · 25 views

CKEditor cross-site scripting vulnerability (CNVD-2024-09867)

CKEditor is an open source, web-based text editor. A cross-site scripting vulnerability exists in CKEditor4, which stems from the presence of a cross-site scripting vulnerability that can be exploited by an attacker to execute JavaScript code by abusing a misconfigured preview function...

6.1 CVSS · 6.5 AI score · 0.3983 EPSS
Exploits: 0 · References: 1