EUVD-2026-17961

Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the project root. This is achieved by manipulating the relativePath parameter in GraphQL mutations. T...

EUVD-2026-17899

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or...

CVE-2026-30526

A Reflected Cross-Site Scripting XSS vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The application reflects the content of the msg parameter back to the user without proper HTML encoding or...

WhatsApp on Windows users targeted in new campaign, warns Microsoft

Microsoft researchers found a campaign that abuses WhatsApp attachments to sneak a script onto Windows machines which will lead to the attacker gaining remote control. WhatsApp offers a desktop application for Windows and macOS, which users can synchronize with their mobile devices. Desktop...

Exploit for CVE-2026-30332

CVE-2026-30332 Description A Time-of-Check to Time-of-Use...

MAL-2026-2400 Malicious code in kube-node-health (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 391555cff14c82156843bee267daf896c3e3e989b9c899ef34b12ac7e23b1c7e During import, the code download and starts remote executable that later connects to a C2 server, likely establishing a reverse tunnel. After executing the...

CVE-2025-10551

A Stored Cross-site Scripting XSS vulnerability affecting Document Management in ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session...

CVE-2026-1877

The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'apsoptionspage' function. This makes it possible for unauthenticated attackers to update settings and inject malicio...

CVE-2026-5257

The CVE-2026-5257 entry concerns code-projects Simple Laundry System 1.0. The vulnerability affects the Parameter Handler component, specifically the /delstaffinfo.php file, where manipulating the userid parameter leads to a SQL injection. The issue is exploitable remotely, and public disclosures...

CVE-2026-5255

A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now...

CVE-2025-32957

baserCMS is a website development framework. Prior to version 5.2.3, the application's restore function allows users to upload a .zip file, which is then automatically extracted. A PHP file inside the archive is included using requireonce without validating or restricting the filename. An attacke...

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...

CVE-2026-3774

Foxit PDF Editor/Reader (pre-2026.1) is affected by CVE-2026-3774 due to PDF JavaScript and document/print actions (WillPrint/DidPrint) updating form fields, annotations, or OCGs around redaction, encryption, or printing. The script-driven updates are not fully covered by the existing redaction/e...

GHSA-5724-X3RH-5QQQ YesWiki has Multiple Reflected Cross-site Scripting Vulnerabilities

Summary Multiple reflected Cross-site Scripting XSS vulnerabilities across both authenticated and unauthenticated portions of the application. These findings present a significant security risk, as they can be leveraged to execute arbitrary JavaScript in a victim’s browser under various contexts...

Code-Projects Simple Laundry System SQL注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a SQL...

PT-2026-29551

A vulnerability in the web-based management interface of Cisco IMC could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by...

CVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...

SourceCodester Zoo Management System 安全漏洞

The SourceCodester Zoo Management System is an open-source zoo management system developed by SourceCodester. Version 1.0 of the SourceCodester Zoo Management System contains a security vulnerability. This vulnerability stems from a reflection cross-site scripting vulnerability in the msg paramet...

PT-2026-29555

Name of the Vulnerable Software and Affected Versions Cisco IMC affected versions not specified Description A flaw exists in the web-based management interface of Cisco IMC that may allow a remote attacker with administrative privileges to perform a stored Cross-Site Scripting XSS attack against ...

Xenforo 安全漏洞

Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.10 and 2.2.19 contained security vulnerabilities. These vulnerabilities stemmed from the use of structured text references that allowed for cross-site scripting attacks, potentially allowing attackers t...