106028 matches found
CVE-2026-25786
CVE-2026-25786 affects devices where the web interface’s communication parameters page renders a PLC/station name. The root cause is inadequate validation/sanitization of the name, enabling an authenticated user (who is allowed to download a TIA project) to inject malicious scripts into the page....
CVE-2026-25786
Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web interface. This could allow an authenticated attacker who is authorized to download a TIA project into the product, to inject malicious scripts into the page. If a...
CVE-2026-2300
The BJ Lazy Load plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the filterimages function in all versions up to, and including, 1.0.9. This is due to the use of regex-based HTML processing pregreplace that does not properly handle HTML attribute boundaries when replacing sr...
CVE-2026-5715
The Voyage Plus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the 'post-content' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible fo...
CVE-2026-7659
The Advanced Social Media Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the social shortcode in all versions up to, and including, 1.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-4920 Next Date <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'default' Shortcode Attribute
The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-4920
The Next Date plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'default' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacker...
CVE-2026-5340
The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's fancy-img-show shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...
CVE-2026-6913 Shortcodely <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'widget_area' Shortcode Attribute
The Shortcodely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'widgetarea' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
Malicious code in @chahuadev/junk-sweeper-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3d446150767f92344d8d0a699f5879bd746200fb8beb60554408699868f03d51 The package's postinstall script package.json line 10: "postinstall": "node install.js" unconditionally fetches a platform-native executable from...
EUVD-2026-29370
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...
CVE-2026-27682
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...
CVE-2026-40038
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, commentbody, articlecontent, description, and message parameters...
CVE-2026-27682
Due to a reflected cross-site scripting XSS vulnerability in SAP NetWeaver Application Server ABAP Applications based on Business Server Pages, an unauthenticated attacker could craft a URL that exploits an unprotected URL parameter to embed a malicious script. If a victim clicks the link, the...
CVE-2026-27682
SAP NetWeaver Application Server ABAP (Apps based on Business Server Pages) is affected by a reflected XSS vulnerability. An unauthenticated attacker can craft a URL with an unprotected parameter; if a user clicks the link, the injected input is processed during web page generation, leading to ex...
Exploit for Race Condition Enabling Link Following in Linuxfoundation Runc
CVE-2025-31133 Compose Build Lab This lab is a small PaaS sim...
PT-2026-40120
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the post install...
CVE-2023-27753
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...
WordPress plugin Tm – WordPress Redirection 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-40247
Name of the Vulnerable Software and Affected Versions Visual Studio Code affected versions not specified Description Improper neutralization of script-related HTML tags in a web page leads to a basic cross-site scripting XSS issue. This lack of data sanitization at the control level allows an...