7 matches found
CVE-2026-33587
CVE-2026-33587 affects Open Notebook v1.8.3 and is due to lack of user input sanitisation enabling Server-Side Template Injection (SSTI). This allows an application user to run Python code within the server context and, consequently, execute OS commands inside the Docker container for user-create...
EUVD-2024-27813
Malicious code in bioql PyPI...
PT-2025-43033
Name of the Vulnerable Software and Affected Versions: xen (affected versions not specified). Description: Certain Viridian hypercalls can be specified in a way that leads to a security issue. Details are available in a linked source. Recommendations: At the moment, there is no information about a newe...
CVE-2022-2448
The reSmush.it WordPress plugin before 0.4.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when unfiltered_html is disallowed...
Age Gate < 2.17.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks...
CVE-2022-1104
The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-0953
The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.20.96 does not sanitise and escape the QUERY_STRING before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting in browsers which do not encode characters...