52 matches found
About Remote Code Execution – Microsoft Word (CVE-2026-21514) vulnerability
About Remote Code Execution - Microsoft Word (CVE-2026-21514) vulnerability. This vulnerability is from February Microsoft Patch Tuesday. Reliance on Untrusted Inputs in a Security Decision (CWE-807) in Microsoft Office Word allows an unauthenticated attacker to bypass OLE security features when...
Stored Cross-Site Scripting (XSS)
decap-cms is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to insufficient sanitization and escaping of user-controlled input fields such as title, description, tags, and body in the admin preview pane, which allows an attacker with low-privilege access to inject...
Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least two vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for...
EUVD-2022-1469
Malicious code in bioql PyPI...
EUVD-2025-27594
Malicious code in bioql PyPI...
CVE-2025-57520
A Cross Site Scripting (XSS) vulnerability exists in Decap CMS thru 3.8.3. Input fields such as body, tags, title, and description are not properly sanitized before being rendered in the content preview pane. This enables an attacker to inject arbitrary JavaScript which executes whenever a user vie...
GHSA-XP8G-32QH-MV28 Decap CMS Cross Site Scripting (XSS) vulnerability
Decap CMS through 3.8.3 is vulnerable to stored Cross-Site Scripting (XSS) in the admin preview pane. User-controlled fields (e.g., title, description, tags, and body) are rendered in the preview without sufficient sanitization/escaping. An attacker with low-privilege author/contributor access can...
SUSE CVE-2022-23710
A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could allow arbitrary JavaScript to be executed in a victim's browser...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Markdown Editor Preview Pane. An attacker can inject malicious content into a website or application by exploiting this vulnerability. Details: Cross-site scripting or XSS is a code vulnerability that occu...
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Impact: Stored Cross-site scripting (XSS) enables attackers that have access to backoffice to bring malicious content into a website or application. Affected versions: Umbraco CMS = 8.00. Patches: This is fixed in 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementing IHtmlSanitizer...
Cross-site Scripting (XSS)
Overview: UmbracoCms.Web is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Markdown Editor Preview Pane. An attacker can inject malicious content into a website or application by exploiting this vulnerability. Details: Cross-site scripting or XSS...
Cross-site Scripting (XSS)
Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the Markdown Editor Preview Pane. An attacker can inject malicious content into a website or application by exploiting this vulnerability. Details: Cross-site scripting or XS...
CVE-2024-35218 Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Umbraco CMS is an ASP.NET CMS used by more than 730.000 websites. Stored Cross-site scripting (XSS) enables attackers that have access to backoffice to bring malicious content into a website or application. This vulnerability has been patched in versions 8.18.13, 10.8.4, 12.3.7, 13.1.1 by implementi...
Microsoft Outlook Security Vulnerability
Microsoft Outlook is a suite of e-mail applications from the American company Microsoft. A remote code execution vulnerability exists in Microsoft Outlook due to invalid handling of user input in the preview pane. An attacker can exploit the vulnerability to execute arbitrary code on the system...
Vulnerabilities fixed in Microsoft Office
Microsoft has fixed vulnerabilities in Office, Excel, and Outlook. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service (DoS); Circumvention of security measure; Remote code execution; User rights. Microsoft indicates that f...
GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana
Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could...
Withdrawn: Cross-site Scripting in Kibana
Withdrawn: This advisory is for Kibana, not ElasticSearch as it was originally published, and is withdrawn as being out of scope of our supported ecosystems. A cross-site-scripting (XSS) vulnerability was discovered in the Data Preview Pane (previously known as Index Pattern Preview Pane) which could...
Elasticsearch Kibana Cross-Site Scripting Vulnerability (CNVD-2022-23464)
A cross-site scripting vulnerability exists in Elasticsearch Kibana, an open source, browser-based analysis and search Elasticsearch dashboard tool from Elasticsearch Netherlands, which stems from a lack of filtering and escaping of user data in the data preview pane. An attacker could exploit th...