Pentora

Pentora v1.0 Pentora is a terminal-first web vulnerability...

CVE-2026-2276

Reflected Cross-Site Scripting XSS vulnerability in the Wix web application, where the endpoint ' https://manage.wix.com/account/account-settings ', responsible for uploading SVG images, does not properly sanitize the content. An authenticated attacker could upload an SVG file containing embedded...

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

Phraseanet vulnerable to stored cross-site scripting through crafted file names

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...

Kimai 2 vulnerable to persistent cross-site scripting in the timesheet descriptions

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

CVE-2019-25317

Kimai 2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into timesheet descriptions. Attackers can insert SVG-based XSS payloads in the description field to execute arbitrary JavaScript when the page is loaded and viewed by other users...

CVE-2018-25157

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability: authenticated users can inject scripts via crafted file names during document uploads, with SVG-embedded payloads executing in the browser and potentially stealing cookies or redirecting users when the file is viewed. Root cau...

CVE-2018-25157

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...

CVE-2026-0724

The WPlyr Media Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wplyraccentcolor' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

kimai 跨站脚本漏洞

Kimai is a web-based, multi-user time tracking application developed by Kimai’s individual developer. Kimai 2 has a cross-site scripting vulnerability, which stems from stored-xss attacks. This vulnerability could allow the injection of malicious SVG-based scripts into schedule descriptions,...

PT-2026-7600

Phraseanet 4.0.3 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through crafted file names during document uploads. Attackers can upload files with embedded SVG scripts that execute in the browser, potentially stealing cookies or...

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009 Catalyst Affected by Remote Code Execution as Root via Containerized Install Script Execution

Catalyst is a platform built for enterprise game server hosts, game communities, and billing panel integrations. Install scripts defined in server templates execute directly on the host operating system as root via bash -c, with no sandboxing or containerization. Any user with template.create or...

CVE-2026-26009

CVE-2026-26009 affects the Catalyst platform used for enterprise game server hosting, game communities, and billing panel integrations. The issue arises because install scripts defined in server templates run on the host OS via bash -c without sandboxing or containerization. Any user with templat...

Directory Traversal

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Directory Traversal due to the improper sanitization of nested traversal sequences e.g., ....// in multiple API endpoints. An attacker can gain full syst...

Catalyst 操作系统命令注入漏洞

Catalyst is a web application framework developed by karutoil’s developers. Catalyst has a vulnerability related to operating system command injection. This vulnerability stems from the installation scripts defined in the server templates, which execute directly on the host operating system with...

PT-2026-7439

Name of the Vulnerable Software and Affected Versions Catalyst versions prior to 11980aaf3f46315b02777f325ba02c56b110165d Description The platform allows users with template.create or template.update permissions to define arbitrary shell commands within server templates. These commands are execut...