CVE-2026-34246 CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a Stored Cross-Site Scripting (XSS) vulnerability in the admin role management interface. In app/Http/Controllers/Admin/RoleController.php, the datatable method interpolates $role->name and...
CVE-2026-31352
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
GHSA-HQJC-WFVX-X2FV Feehi CMS has an authenticated stored cross-site scripting (XSS) vulnerability via the Role Management module
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
Cross-site Scripting (XSS)
Overview: feehi/cms is a Feehi CMS project template. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Role Name parameter in the Role Management module. An attacker can execute arbitrary web scripts or HTML in the context of a user's browser by injecting a craft...
PT-2026-30653
An authenticated stored cross-site scripting (XSS) vulnerability in the Role Management module of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Role Name parameter...
CVE-2026-31352
Feehi CMS v2.1.1 contains an authenticated stored XSS in the Role Management module, exploitable by injecting a crafted payload into the Role Name field. The affected component is Role Management; the root cause is improper handling/escaping of input in Role Name. No exploit specifics or remedial...
CVE-2022-42724
app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have)...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the improper validation of AWS Account ID during authentication. An attacker can gain unauthorized access by authenticating with an IAM role from an untrusted AWS account that shares the same role name as ...
CVE-2025-59048
OpenBao's AWS Plugin (auth-aws) is affected by CVE-2025-59048: prior to v0.1.1, cross-account IAM role impersonation is possible when an untrusted account has a role with the same name as a trusted account, enabling unauthorized access in multi-account AWS setups. The issue has a patch in v0.1.1;...
EUVD-2018-10804
Malware in sbrugna...
EUVD-2016-5318
Malware in sbrugna...
EUVD-2021-1193
Malware in sbrugna...
EUVD-2025-25629
Malicious code in bioql PyPI...
EUVD-2024-0690
Malicious code in bioql PyPI...
EUVD-2023-30932
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7925
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially craft...
CVE-2025-43764
Self-ReDoS (Regular expression Denial of Service) exists with Role Name search field of Kaleo Designer portlet JavaScript in Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.1, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.20...
Regular Expression Denial of Service (ReDoS)
Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the Role Name search field of Kaleo Designer portlet. An attacker can cause the browser to become unresponsive for an extended period by submitting a specially crafted regular expression...