PT-2026-31676

Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in safely. Internally, the hasDangerousProtocol function in packages/unhead/src/plugins/safe.ts decodes HTML...

RockyLinux 10 : thunderbird (RLSA-2026:6342)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:6342 advisory. firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-4701 firefox: thunderbird: Memory safety bugs fixed in Firefox ESR...

CVE-2026-39891

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...

CVE-2026-39891 PraisonAI has a Template Injection in Agent Tool Definitions

PraisonAI is a multi-agent teams system. Prior to 4.5.115, the createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user input from agent.start is passed directly into these tools without escaping, template expressions in the...

CVE-2026-35477

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

GHSA-FJPJ-6QCQ-6PW2 CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

CI4MS has stored XSS in Pages Content Due to Missing html_purify Sanitization

Summary The Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog module does. Page content is stored unsanitized in the database and rendered as raw HTML on the public frontend via echo $pageInfo-content. An authenticated...

EUVD-2026-20511

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

CVE-2026-39391

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into a...

Exploit for CVE-2026-27739

-CVE-2026-27739-poc curl -H "X-Forwarded-For: http://169.254...

PT-2026-31507

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 147.0.7727.55 Description A cryptographic flaw exists in PDFium, a component of Google Chrome. This flaw could allow an attacker to read sensitive information from encrypted PDFs by conducting a brute-force...

PT-2026-31136

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Josh Kohlbach Advanced Coupons for WooCommerce Coupons advanced-coupons-for-woocommerce-free allows DOM-Based XSS.This issue affects Advanced Coupons for WooCommerce Coupons: from n/a through =...

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

InvenTree 安全漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and part tracking capabilities. Versions of InvenTree from 1.2.3 to 1.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a mismatch between the...

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

PT-2026-31434

InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PART NAME FORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...

PT-2026-31431

immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting XSS in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR...

PT-2026-31332

Name of the Vulnerable Software and Affected Versions ERPNext version 16.0.1 Frappe Framework version 16.1.1 Description A Server-Side Request Forgery SSRF exists in the Print Format functionality. Insufficient sanitization of user-supplied HTML before PDF rendering allows attackers to include HT...

CVE-2026-31017

The connected PT-2026-31332 entry confirms a concrete SSRF vulnerability in ERPNext v16.0.1 and Frappe Framework v16.1.1, arising from insufficient sanitization of HTML in the Print Format function before PDF rendering. This allows user-supplied HTML (e.g., iframe elements) to trigger the server-...