105 matches found
DRUPAL-CONTRIB-2026-075
This module enables you to use Single Directory Components in site building views, field formatters, blocks, layouts and it improves the Developer Experience DX with SDC. The module doesn't sufficiently sanitize the markup passed to components under certain scenarios. This vulnerability is...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via mysqlrealescapestring when used with the text protocol and the Big5 character set. An attacker can execute arbitrary SQL queries by supplying specially crafted input that bypasses escaping performed by...
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html
Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...
FreeScout 代码问题漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.217 contained code vulnerabilities. These vulnerabilities stemmed from the Helper::sanitizeRemoteUrl function, which...
GHSA-34R5-6J7W-235F Inspektor Gadget uses unsanitized ANSI Escape Sequences In `columns` Output Mode
Description String fields from eBPF events in columns output mode are rendered to the terminal without any sanitization of control characters or ANSI escape sequences. Therefore, a maliciously forged – partially or completely – event payload, coming from an observed container, might inject the...
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom CSS field in the Chat Trigger node due to improper sanitization in the sanitize-html library. An authenticated user with permission to create or modify workflows and...
Stored Cross-site Scripting (XSS)
com.liferay.portal, release.portal.bom is vulnerable to Stored cross-site scripting XSS. The vulnerability is due to insufficient sanitization of rich text fields in web content translation, which allows an attacker to inject malicious HTML or script that executes when viewed by other users...
CVE-2025-54384
CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdownextract function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided...
EUVD-2020-21948
Malware in sbrugna...
EUVD-2019-0900
Malware in sbrugna...
EUVD-2020-18132
Malware in sbrugna...
EUVD-2021-24900
Malware in sbrugna...
EUVD-1999-1567
Malware in sbrugna...
EUVD-2023-53557
Malicious code in bioql PyPI...
EUVD-2024-2797
Malicious code in bioql PyPI...
EUVD-2023-25579
Malicious code in bioql PyPI...
EUVD-2024-34045
Malicious code in bioql PyPI...
EUVD-2025-5502
Malicious code in bioql PyPI...
EUVD-2024-1647
Malicious code in bioql PyPI...
EUVD-2024-50550
Malicious code in bioql PyPI...