Lucene search: 6619 matches found

Snyk
added 2026/05/07 9:18 p.m., 10 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

CVSS 4.8, AI score 6
Exploits 0, References 3
Snyk
added 2026/05/07 9:18 p.m., 5 views

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

CVSS 4.8, AI score 6
Exploits 0, References 3
CVE
added 2026/05/07 7:41 p.m., 51 views

CVE-2026-39823

Summary: CVE-2026-39823 covers an escaping bug in HTML meta tag content handling that can trigger XSS when URLs are inserted into a meta tag's content attribute and whitespace is manipulated. Multiple connected sources confirm the issue and describe the root cause as incorrect escaping of URLs insid...

CVSS 6.1, AI score 7.3, EPSS 0.00328
Exploits 0, References 4, Affected Software 1
EUVD
added 2026/05/07 6:05 p.m., 6 views

EUVD-2026-28407

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6, AI score 5.7, EPSS 0.00171
Exploits 0, References 2
Snyk
added 2026/05/07 3:27 p.m., 5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering process in cron.erb. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying a crafted URL. Details Cross-site scripting or XSS is a code vulnerability th...

CVSS 6.1, AI score 5.8, EPSS 0.00194
Exploits 0, References 2
NVD
added 2026/05/07 3:16 p.m., 11 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

CVSS 9.8, EPSS 0.00373
Exploits 0, References 2
ATTACKERKB
added 2026/05/07 1:43 p.m., 6 views

CVE-2026-44264

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

CVSS 4.3, AI score 5.7, EPSS 0.00275
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2026/05/07 1:43 p.m., 8 views

CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

CVSS 4.3, AI score 5.7, EPSS 0.00275
Exploits 0, References 4
Microsoft CVE
added 2026/05/07 8:08 a.m., 9 views

drm/amdgpu: validate user queue size constraints

...

CVSS 7.1, AI score 5.8, EPSS 0.00126
Exploits 0
Microsoft CVE
added 2026/05/07 8:08 a.m., 6 views

drm/amdgpu: fix NULL pointer issue buffer funcs

...

CVSS 5.5, AI score 5.8, EPSS 0.00127
Exploits 0
OSV
added 2026/05/07 6:00 a.m., 8 views

RLSA-2026:13537 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772); firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754); firefox: thunderbird: Spoofing...

CVSS 7.5, AI score 6, EPSS 0.04938
Exploits 1, References 26
OSV
added 2026/05/07 12:57 a.m., 3 views

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

CVSS 5.3, AI score 5.8, EPSS 0.00186
Exploits 1, References 3
Github Security Blog
added 2026/05/07 12:57 a.m., 8 views

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

CVSS 5.3, AI score 5.8, EPSS 0.00186
Exploits 1, References 3, Affected Software 1
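The two Gotenberg entries above describe a time-of-check/time-of-use gap: the SSRF filter resolves the name and checks the addresses, then throws the addresses away, and the browser resolves the name again. The following is an added example, not Gotenberg's code, written in JavaScript with a constructed resolver stub whose answers change between lookups (what a rebinding DNS server does with a short TTL). `filterOutboundUrlUnpinned`, `filterOutboundUrlPinned`, `navigate`, `rebindingResolver` and the `PRIVATE_V4` deny-list are all assumptions made for the example; the hostname `attacker.example` and its two answers are constructed data.

```javascript
// Added example (not Gotenberg's code): the resolve-check-discard pattern the
// advisory describes, beside a version that pins the vetted address. The
// resolver is a constructed stub that answers differently on successive
// lookups of the same name.

// RFC 1918, loopback, link-local and "this network" ranges. The advisory's
// deny-list is not reproduced here; this list is an assumption for the example.
const PRIVATE_V4 = [
  ['10.0.0.0', 8], ['127.0.0.0', 8], ['169.254.0.0', 16],
  ['172.16.0.0', 12], ['192.168.0.0', 16], ['0.0.0.0', 8],
];

function ipv4ToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((n) => !Number.isInteger(n) || n < 0 || n > 255)) {
    // Non-IPv4 answers (including IPv6 such as ::1) fail closed here; a real
    // filter needs an IPv6 deny-list of its own.
    throw new RangeError(`not an IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

function isPrivateIPv4(ip) {
  const addr = ipv4ToInt(ip);
  return PRIVATE_V4.some(([network, bits]) => {
    const mask = (0xffffffff << (32 - bits)) >>> 0;
    return ((addr & mask) >>> 0) === ((ipv4ToInt(network) & mask) >>> 0);
  });
}

// Constructed rebinding resolver: answers[name] lists the address returned on
// the 1st, 2nd, ... lookup of that name; the last entry repeats forever.
function rebindingResolver(answers) {
  const seen = new Map();
  return (hostname) => {
    if (/^\d+\.\d+\.\d+\.\d+$/.test(hostname)) return hostname; // IP literal
    const list = answers[hostname];
    if (!list) throw new Error(`NXDOMAIN: ${hostname}`);
    const n = seen.get(hostname) || 0;
    seen.set(hostname, n + 1);
    return list[Math.min(n, list.length - 1)];
  };
}

// Vulnerable shape: resolve, check, return only the verdict. The caller gets no
// address to connect to, so the browser has to resolve the name a second time.
function filterOutboundUrlUnpinned(url, resolve) {
  const ip = resolve(new URL(url).hostname);
  if (isPrivateIPv4(ip)) throw new Error(`blocked: ${url} resolved to ${ip}`);
}

// Stand-in for the browser navigation: it performs its own lookup.
function navigate(url, resolve) {
  const u = new URL(url);
  return { connectTo: resolve(u.hostname), host: u.hostname, path: u.pathname };
}

function convertUnpinned(url, resolve) {
  filterOutboundUrlUnpinned(url, resolve); // lookup 1: passes the deny-list
  return navigate(url, resolve);           // lookup 2: may be rebound
}

// Hardened shape: the filter hands back the address it vetted, and the
// connection goes to that address with the original Host header, so there is
// no second lookup for the attacker to rebind.
function filterOutboundUrlPinned(url, resolve) {
  const ip = resolve(new URL(url).hostname);
  if (isPrivateIPv4(ip)) throw new Error(`blocked: ${url} resolved to ${ip}`);
  return ip;
}

function convertPinned(url, resolve) {
  const u = new URL(url);
  return { connectTo: filterOutboundUrlPinned(url, resolve), host: u.hostname, path: u.pathname };
}

// Constructed scenario: the attacker's name answers public first, loopback after.
const ATTACKER_DNS = { 'attacker.example': ['203.0.113.10', '127.0.0.1'] };

function demo() {
  const unpinned = convertUnpinned('http://attacker.example/', rebindingResolver(ATTACKER_DNS));
  const pinned = convertPinned('http://attacker.example/', rebindingResolver(ATTACKER_DNS));
  return { unpinned: unpinned.connectTo, pinned: pinned.connectTo };
}

console.log(demo());
```

With a headless browser doing the fetch, "pinning" in practice means feeding the browser the vetted addresses (for Chromium, a host-resolver override or a proxy that connects to the checked IP) rather than letting it resolve the name itself; the example models that by passing `connectTo` straight through. Note also that the check fails closed on anything that is not an IPv4 literal, which is deliberate: an IPv6 answer such as `::1` must not slip past a filter that only understands IPv4.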
Cvelist
added 2026/05/07 12:00 a.m., 34 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

EPSS 0.00373
Exploits 0, References 2
Positive Technologies
added 2026/05/07 12:00 a.m., 10 views

PT-2026-38442

Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...

CVSS 9.8, AI score 5.8, EPSS 0.00373
Exploits 0, References 7
Vulnrichment
added 2026/05/07 12:00 a.m., 6 views

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

AI score 5.8, EPSS 0.00373
Exploits 0, References 2
OSV
added 2026/05/06 11:49 p.m., 9 views

GHSA-69XW-7HCM-H432 hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

CVSS 4.7, AI score 5.7, EPSS 0.0014
Exploits 0, References 3
Github Security Blog
added 2026/05/06 11:49 p.m., 8 views

hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

Summary Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the programmatic jsx or createElement APIs during server-side rendering, specially crafted values may...

CVSS 6.1, AI score 5.7, EPSS 0.0014
Exploits 0, References 3, Affected Software 1
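The hono/jsx entries above make a point that is easy to miss when auditing a renderer: escaping children and attribute values does nothing for the tag name, which is spliced between `<` and `>` verbatim. The following is an added example, not hono's code, showing a minimal `createElement`-style serializer in that shape beside one that validates the element name before it reaches the output. `renderUnchecked`, `renderChecked`, the `TAG_NAME` and `ATTR_NAME` patterns and the `UNTRUSTED_TAG` value are all assumptions made for the example, not hono's actual validation or any payload from the advisory.

```javascript
// Added example (not hono/jsx's code): a minimal createElement-to-string
// serializer. Text and attribute values are escaped, so the tag name is the one
// place where untrusted input can reach the output verbatim.
const VOID_ELEMENTS = new Set([
  'area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input',
  'link', 'meta', 'source', 'track', 'wbr',
]);

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

function serializeAttrs(props) {
  return Object.entries(props)
    .filter(([, v]) => v !== null && v !== undefined && v !== false)
    .map(([k, v]) => (v === true ? ` ${k}` : ` ${k}="${escapeHtml(v)}"`))
    .join('');
}

// Vulnerable shape: whatever `tag` is, it is spliced into "<" + tag + ">".
function renderUnchecked(tag, props = {}, ...children) {
  const open = `<${tag}${serializeAttrs(props)}>`;
  if (VOID_ELEMENTS.has(tag)) return open;
  return `${open}${children.map(escapeHtml).join('')}</${tag}>`;
}

// Hardened shape: an element name is letters, digits and hyphens, starting with
// a letter (covers HTML and custom elements); attribute names get the same
// treatment. Both patterns are assumptions for this example, not hono's rules.
const TAG_NAME = /^[a-zA-Z][a-zA-Z0-9-]*$/;
const ATTR_NAME = /^[a-zA-Z_:][a-zA-Z0-9_:.-]*$/;

function renderChecked(tag, props = {}, ...children) {
  if (typeof tag !== 'string' || !TAG_NAME.test(tag)) {
    throw new TypeError(`invalid element name: ${JSON.stringify(tag)}`);
  }
  for (const name of Object.keys(props)) {
    if (!ATTR_NAME.test(name)) {
      throw new TypeError(`invalid attribute name: ${JSON.stringify(name)}`);
    }
  }
  return renderUnchecked(tag, props, ...children);
}

// Constructed attacker value: a request parameter that ends up as the tag name.
const UNTRUSTED_TAG = 'img src=x onerror=alert(1)';

function demo() {
  // The escaped child is intact, but the opening tag is now a complete injected
  // <img> element with an event handler.
  const injected = renderUnchecked(UNTRUSTED_TAG, {}, 'caption');
  let rejected;
  try {
    renderChecked(UNTRUSTED_TAG, {}, 'caption');
  } catch (e) {
    rejected = e.message;
  }
  return { injected, rejected };
}

console.log(demo());
```

The allow-list on the name is the fix that generalises: a deny-list of `<`, `>` or whitespace would still let through other characters that the HTML tokenizer treats as tag-name terminators, whereas an allow-list of element-name characters cannot produce anything but a tag name.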
vulnersOsv
added 2026/05/06 11:42 p.m., 6 views

@hmcts/ccd-case-ui-toolkit (>=7.3.49-4369 <=7.3.51), @hmcts/media-viewer (>=4.2.16-4435 <=4.2.17-exui-4369-cve-fix-01) potentially affected by CVE-2026-44437 via @angular/ssr (>=20.3.18 <=20.3.24)

@angular/ssr NPM version =20.3.18, =7.3.49-4369, =4.2.16-4435, =4.2.17-exui-4369-cve-fix-01 Source cves: CVE-2026-44437 Source advisory: OSV:GHSA-69XR-M8H6-H664...

CVSS 6.9, AI score 5.8, EPSS 0.00203
Exploits 0
Snyk
added 2026/05/06 11:42 p.m., 5 views

Open Redirect

Overview @angular/ssr provides the Angular server-side rendering utilities. Affected versions of this package are vulnerable to Open Redirect via improper handling of the X-Forwarded-Prefix header. An attacker can manipulate internal redirects or server-side requests by injecting encoded path travers...

CVSS 6.9, AI score 5.8, EPSS 0.00203
Exploits 0, References 3