6615 matches found
CVE-2026-42842
The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0, a Stored Cross-Site Scripting XSS vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are rendered with the Twig |raw filter in the admin panel, bypassing the...
EUVD-2026-28921
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193
CVE-2026-8193 affects Akaunting 3.1.21, specifically the Invoice PDF Rendering component’s dompdf.php file. The vulnerability arises from unknown processing in that file, enabling a remote attacker to manipulate inputs to achieve server-side request forgery (SSRF). Exploitation is indicated as po...
CVE-2026-8193
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
CVE-2026-8193 Akaunting Invoice PDF Rendering dompdf.php server-side request forgery
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
drm/amd/display: Fix dsc eDP issue
...
Remote Code Execution (RCE)
LiteLLM is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe rendering of user-supplied prompt templates in the POST /prompts/test endpoint without sandboxing, allowing authenticated users to execute arbitrary code within the LiteLLM Proxy process and potentially access...
SUSE CVE-2026-44742
Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...
CVE-2026-36458
ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...
Hono has CSS Declaration Injection via Style Object Values in JSX SSR
Summary The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...
GHSA-QP7P-654G-CW7P Hono has CSS Declaration Injection via Style Object Values in JSX SSR
Summary The JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into the rendered style attribute. The impact is limited to CSS and does not allow JavaScript executio...
Velocity.js has a Prototype Pollution vulnerability through #set path assignment
Summary A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as \proto\, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...
GHSA-J658-C2GF-X6PQ Velocity.js has a Prototype Pollution vulnerability through #set path assignment
Summary A prototype pollution vulnerability was discovered in Velocity.js key = val. Because there is no validation or filtering to block sensitive keys such as \proto\, constructor, or prototype, an attacker can traverse the prototype chain and pollute the global Object.prototype. PoC javascript...
Mistune Heading ID Attribute has Injection XSS
Summary HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safeentity, or any other sanitisation function. A double-quote character " in the id value terminates the attribute, allowing an attacker to inject...
Akaunting 代码问题漏洞
Akaunting is an application software developed by Akaunting Company that provides all the tools needed for online fund management. Version 3.1.21 of Akaunting has a code vulnerability; this vulnerability stems from an unknown processing in the Invoice PDF Rendering component’s config/dompdf.php...
PT-2026-39405
A weakness has been identified in Akaunting 3.1.21. This issue affects some unknown processing of the file config/dompdf.php of the component Invoice PDF Rendering. Executing a manipulation can lead to server-side request forgery. The attack may be launched remotely. The exploit has been made...
PT-2026-39328
Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description The JSX renderer escapes style attribute object values for HTML but not for CSS. When untrusted input is interpolated into a JSX style object and rendered server-side, characters that act as CSS...
PT-2026-39330
Name of the Vulnerable Software and Affected Versions mistune versions prior to 3.2.1 Description In the HTMLRenderer.heading function within src/mistune/renderers/html.py, the id attribute of heading tags is constructed by directly concatenating the value into the HTML without sanitization. When...