93 matches found
EUVD-2026-29547
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally...
CVE-2026-25544
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
CVE-2026-25544
Payload CMS (free/open-source headless CMS) prior to v3.73.0 is vulnerable to blind SQL injection in JSON and richText queries when using PostgreSQL/SQLite adapters. User input is embedded into SQL without escaping, enabling unauthenticated data disclosure (emails, password reset tokens) and full...
CVE-2026-25544 Payload has an SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data emails, password...
GHSA-XX6W-JXG9-2WH8 @payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters
Impact When querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL Injection attacks. An unauthenticated attacker could extract sensitive data emails, password reset tokens and achieve full account takeover without password cracking. Users...
SQL Injection
Overview @payloadcms/db-d1-sqlite is a The officially supported D1 SQLite database adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accoun...
SQL Injection
Overview @payloadcms/db-vercel-postgres is a Vercel Postgres adapter for Payload Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user accounts by injecting crafte...
SQL Injection
Overview @payloadcms/drizzle is an A library of shared functions used by different payload database adapters Affected versions of this package are vulnerable to SQL Injection when querying JSON or richText fields. An attacker can extract sensitive information and gain unauthorized access to user...
PT-2026-6650
Name of the Vulnerable Software and Affected Versions Payload versions prior to 3.73.0 Description Payload is a free and open source headless content management system. Prior to version 3.73.0, user input was directly embedded into SQL queries without proper escaping when querying JSON or richTex...
DNN DotNetNuke.Core < 9.13.10 / 10.0 < 10.2.0 XSS
According to its self-reported version, the instance of DNN formerly DotNetNuke running on the remote web server is prior to 9.13.10 and 10.2.0. It is, therefore, affected by a cross-site scripting vulnerability: - DNN formerly DotNetNuke is an open-source web content management platform CMS in t...
CVE-2026-24833
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
GHSA-W9PF-H6M6-V89H DotNetNuke.Core Vulnerable to Stored XSS via Module Title
Module title supports richtext which could include scripts that would execute in certain scenarios...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
Cross-site Scripting (XSS)
Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the description field in the module installation process. An attacker can execute arbitrary scripts ...
CVE-2026-24833
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...
CVE-2026-24836
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...
CVE-2026-24838
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...
CVE-2026-24838 DotNetNuke.Core Vulnerable to Stored XSS via Module Title
DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...