PT-2026-28521
Name of the Vulnerable Software and Affected Versions Invoice Ninja versions 5.13.0 through 5.13.3 Description Invoice Ninja, an invoice, quote, project, and time-tracking application built with Laravel, has an issue where the product notes fields in versions 5.13.0 through 5.13.3 allow raw HTML...
PT-2026-28519
Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.5.3 Description Lychee is a free, open-source photo-management tool. Before version 7.5.3, the photo description field was stored without HTML sanitization and rendered using the `{!! $item->summary !!}` Blade unescaped outpu...
Discourse cross-site scripting vulnerability (CNVD-2026-17264)
Discourse is an open source community discussion platform developed by Discourse. The platform includes features such as community discussion, e-mail and chat rooms. Discourse suffers from a cross-site scripting vulnerability that stems from the onebox method in the SharedAiConversation model rendering...
Invoice Ninja Cross-Site Scripting Vulnerability
Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...
PT-2026-28508
Name of the Vulnerable Software and Affected Versions Kestra versions up to and including 1.3.3 Description Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields – description, inputs.displayName,...
cross-site-scripting-lab
XSS Lab Documentation Overview What Is Cross-Site Scr...
CVE-2026-33749 n8n Vulnerable to XSS via Binary Data Inline HTML Rendering
n8n is an open source workflow automation platform. Prior to versions 1.123.27, 2.13.3, and 2.14.1, an authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such...
CVE-2026-33749
n8n is vulnerable to XSS in versions prior to 1.123.27, 2.13.3, and 2.14.1. An authenticated user who can create or modify workflows could craft a workflow that returns an HTML binary data object via /rest/binary-data without a filename and without Content-Disposition or Content-Security-Policy h...
GHSA-86VC-MG26-FJ6X Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...
CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub. Mattermost Advisory ID:...
CVE-2026-20719
CVE-2026-20719 affects Mattermost server/components that render external SVGs in link embeds across Mattermost 10.11.x–11.4.x (including 11.2.x, 11.3.x, 11.4.x). The root cause is failure to prevent rendering of external SVGs in embeds, enabling unauthenticated users to crash the web/desktop apps...
CVE-2026-25465
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople CP Multi View Event Calendar (cp-multi-view-calendar) allows Stored XSS. This issue affects CP Multi View Event Calendar: from n/a through = 1.4.37...
CVE-2026-23366
A flaw was found in the Linux kernel's Direct Rendering Manager (DRM) client component. This vulnerability occurs when the system attempts to destroy an uninitialized memory pointer, specifically the 'modes' variable within the drm_client_modeset_probe function, after a memory allocation failure. This...
SUSE CVE-2026-26195
Gogs is an open source self-hosted Git service. Prior to version 0.14.2, stored XSS is still possible through unsafe template rendering that mixes user input with safe plus permissive sanitizer handling of data URLs. This issue has been patched in version 0.14.2...
Craft CMS 5.9.x < 5.9.11 Stored XSS (GHSA-3x4w-mxpf-fhqq)
The version of Craft CMS installed on the remote host is 5.9.x prior to 5.9.11. It is, therefore, affected by a cross-site scripting vulnerability: - The revision/draft context menu in the element editor renders the creator's fullName as raw HTML due to the use of Template::raw combined with...
GHSA-M2P3-HWV5-XPQW Scriban: Denial of Service via Unbounded Cumulative Template Output Bypassing LimitToString
Summary The LimitToString safety limit (default 1MB since commit b5ac4bf) can be bypassed to allocate approximately 1GB of memory by exploiting the per-call reset of currentToStringLength in ObjectToString. Each template expression rendered through TemplateContext.Write(SourceSpan, object) triggers a...
CVE-2026-33418 @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafti...