1213 matches found
CVE-2026-49981
CVE-2026-49981 (Twig) describes a bypass where the per-template allow-list verdict was cached at Template construction and could be reused after the sandbox state changed between renders. This affected twig/twig up to versions before 3.27.0, enabling a later sandboxed render to reuse an earlier c...
Shield Security WP Plugin <= 18.5.9 - Local File Inclusion
The Shield Security Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the renderactiontemplate parameter. This makes it possible for unauthenticated attacker to include and execute PHP fil...
EUVD-2026-42861
The Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Box widget's 'sgbodydescription' parameter in versions up to, and including, 3.2.6. This is due to insufficient input...
CVE-2026-59855
The CVE affects SiYuan prior to version 3.7.1 where Asset.render (app/src/asset/index.ts) interpolates unsanitized this.path into innerHTML. This allows a crafted asset link containing a double quote to break the src attribute and inject an event handler, enabling JavaScript execution that can ru...
CVE-2026-59855 SiYuan: Store XSS To Rce via Asset.render
SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, Asset.render in app/src/asset/index.ts interpolates the unsanitized this.path value into HTML assigned to innerHTML, allowing a crafted asset link containing a double quote to break out of the src attribute, inject an...
CVE-2026-13253
The Ultimate Post plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'moreResultsText' block attribute of the ultimate-post/advanced-search block in versions up to and including 5.0.31. This is due to insufficient input sanitization and output escaping in the...
PT-2026-57012
Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.1 Description In the Asset.render function within app/src/asset/index.ts, the unsanitized this.path variable is interpolated into HTML assigned to innerHTML. A crafted asset link containing a double quote can break...
PT-2026-56663
Name of the Vulnerable Software and Affected Versions ECA: Event - Condition - Action versions 0.0.0 through 2.1.20 ECA: Event - Condition - Action versions 3.0.0 through 3.0.12 ECA: Event - Condition - Action versions 3.1.0 through 3.1.4 Description Improperly controlled modification of...
[SECURITY] Fedora 44 Update: perl-Imager-1.032-1.fc44
Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines,and polygons, blend multiple images together in various ways, scale, crop, render text and more...
CVE-2026-5137
The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...
CVE-2026-5137
The RTMKit rometheme-for-elementor plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.0.7 This is due to insufficient path validation on the 'template' parameter in the rendertemplates AJAX endpoint, which is used directly in a require/include statement...
PT-2026-55522
Name of the Vulnerable Software and Affected Versions RTMKit versions prior to 2.0.8 Description The RTMKit rometheme-for-elementor plugin for WordPress contains a Local File Inclusion flaw. This occurs because the render templates AJAX endpoint does not properly validate the template parameter...
GHSA-2V8P-FQPX-2Q3W jxl-oxide: integer subtraction overflow panic in cluster_from_table via crafted JXL input (DoS)
Summary Logic bug in decodesimpletableslow may cause integer arithmetic overflow when decoding Modular image with certain kind of MA tree, which may panic with overflow-checks enabled. Impact Denial of service: any application passing untrusted JXL data to JxlImage::renderframe or equivalent can ...
CVE-2026-14093
Use after free in Cast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Low...
CVE-2026-13937
CVE-2026-13937 concerns Google Chrome where insufficient policy enforcement in passwords handling within the Chromium-based renderer allowed a remote attacker who had already compromised the renderer to leak cross-origin data via a crafted HTML page. The vulnerability is described in multiple sou...
CVE-2026-46417
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-next.12, 21.2.13, 20.3.21, and 19.2.22, a Server-Side Request Forgery SSRF vulnerability exists in @angular/platform-server. The issue stems from how...
CVE-2026-54067
SiYuan (prior to v3.7.0) is affected by a stored XSS in renderSnippet() where a CSS snippet containing breaks out of the surrounding tag during insertion, enabling injected JavaScript in the renderer. In Electron builds with nodeIntegration: true, this can reach Node APIs (e.g., child_process) a...
CVE-2026-54067 SiYuan: Stored XSS to RCE via CSS-snippet <style> breakout in renderSnippet()
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...
CVE-2026-53946
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...
CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...