Lucene search
K

6 matches found

NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.12 views

CtrlPanel-gg 安全漏洞

CtrlPanel-gg is an open-source, easy-to-use, and free billing solution developed by CtrlPanel-gg. Versions of CtrlPanel-gg 1.1.1 and earlier contain security vulnerabilities. These vulnerabilities stem from the datatable method in the administrator role management interface, which directly insert...

4.8CVSS5.7AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/03 4:59 p.m.6 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

6.4CVSS5.8AI score0.00262EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.6 views

PT-2026-24477

Name of the Vulnerable Software and Affected Versions Sylius versions 1.9.12 through 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains an authenticated stored cross-site scripting XSS issue in multiple areas of the shop frontend and admin panel. This is due to...

4.8CVSS5.8AI score0.00142EPSS
Exploits0References7
NVD
NVD
added 2026/02/26 10:20 p.m.8 views

CVE-2026-27154

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

6.1CVSS0.00166EPSS
Exploits0References1
OSV
OSV
added 2026/01/28 4:10 p.m.2 views

GHSA-9R54-Q6CX-XMH5 Hono vulnerable to XSS through ErrorBoundary component

Summary A Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details The issue is in the...

4.7CVSS6.3AI score0.00298EPSS
Exploits0References4
Rows per page
Query Builder