222110 matches found

SUSE CVE
added 2026/01/27 12:27 a.m. | views: 2

SUSE CVE-2026-22771

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. Prior to 1.5.7 and 1.6.2, EnvoyExtensionPolicy Lua scripts executed by Envoy proxy can be used to leak the proxy's credentials. These credentials can then be used to communica...

CVSS 8.8 | AI score 5.9 | EPSS 0.00005
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/27 12:0 a.m. | views: 4

PT-2026-5040

Name of the Vulnerable Software and Affected Versions: DNN (formerly DotNetNuke) versions prior to 9.13.10; DNN (formerly DotNetNuke) versions prior to 10.2.0. Description: DNN (formerly DotNetNuke) is an open-source web content management platform. Prior to versions 9.13.10 and 10.2.0, a module could be...

CVSS 7.6 | AI score 5.3 | EPSS 0.00055
Exploits: 0 | References: 7

CNNVD
added 2026/01/27 12:0 a.m. | views: 2

Victor CMS code-related vulnerabilities

Victor CMS is an open-source content management system developed by Victor Alagwu in Nigeria. Version 1.0 of Victor CMS has code-related vulnerabilities; these vulnerabilities stem from defects in the file upload functionality, which may lead to the upload and execution of malicious PHP files...

CVSS 8.8 | AI score 5.9 | EPSS 0.00151
Exploits: 1 | References: 3

Snyk
added 2026/01/26 11:0 p.m. | views: 1

Embedded Malicious Code

Overview: @dydxprotocol/v4-client-js is a malicious package. Versions of this package were compromised with malicious scripts in core registry files. Remediation: Avoid using all malicious instances of the @dydxprotocol/v4-client-js package. Credit: Kush Pandya...

CVSS 9.8 | AI score 5.3
Exploits: 0 | References: 2

Debian
added 2026/01/26 10:54 p.m. | views: 5

[SECURITY] [DSA 6111-1] imagemagick security update

Debian Security Advisory DSA-6111-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 26, 2026 https://www.debian.org/security/faq ...

CVSS 9.8 | AI score 6 | EPSS 0.00114
Exploits: 3

GithubExploit
added 2026/01/26 4:32 a.m. | views: 128

Exploit_Scripts

E...

AI score 5.4
Exploits: 0

CNNVD
added 2026/01/26 12:0 a.m. | views: 2

WellChoose Single Sign-On Portal System Cross-Site Script Vulnerabilities

WellChoose Single Sign-On Portal System is a single-sign-on portal system developed by WellChoose, a company based in Taiwan, China. The WellChoose Single Sign-On Portal System has a cross-site scripting vulnerability. This vulnerability stems from the presence of reflective cross-site scripts,...

CVSS 5.4 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2

CNVD
added 2026/01/26 12:0 a.m. | views: 4

MedDream PACS Premium Cross-Site Scripting Vulnerability (CNVD-2026-11738)

MedDream PACS Premium is an enterprise-class image storage and management server suite from MedDream. MedDream PACS Premium suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by the autoPurge feature. An attacker could exploit the...

CVSS 6.1 | AI score 6.1 | EPSS 0.00064
Exploits: 1 | References: 1

NVD
added 2026/01/24 8:16 a.m. | views: 4

CVE-2025-12836

The VK Google Job Posting Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Job Description field in versions up to, and including, 1.2.23 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticat...

CVSS 6.4 | EPSS 0.00012
Exploits: 0 | References: 4

NVD
added 2026/01/23 5:16 p.m. | views: 2

CVE-2021-47906

BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users...

CVSS 6.4 | EPSS 0.00055
Exploits: 0 | References: 4

NVD
added 2026/01/23 5:15 p.m. | views: 6

CVE-2018-25132

MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...

CVSS 6.1 | EPSS 0.00044
Exploits: 1 | References: 3

NVD
added 2026/01/23 5:15 p.m. | views: 4

CVE-2018-25116

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVSS 6.1 | EPSS 0.00014
Exploits: 1 | References: 3

CVE
added 2026/01/23 4:47 p.m. | views: 7

CVE-2021-47906

CVE-2021-47906 affects BloofoxCMS 0.5.2.1, with a stored cross-site scripting (XSS) vulnerability in the articles text parameter. The root cause is unfiltered user input in the text field, allowing authenticated attackers to inject JavaScript payloads that can execute in other users’ browsers and...

CVSS 6.4 | AI score 5.2 | EPSS 0.00055
Exploits: 0 | References: 4

Cvelist
added 2026/01/23 4:47 p.m. | views: 24

CVE-2018-25116 MyBB Thread Redirect Plugin 0.2.1 - Cross-Site Scripting

MyBB Thread Redirect Plugin 0.2.1 contains a cross-site scripting vulnerability in the custom text input field for thread redirects. Attackers can inject malicious SVG scripts that will execute when other users view the thread, allowing arbitrary script execution...

CVSS 6.1 | EPSS 0.00014
Exploits: 1 | References: 3

OSV
added 2026/01/23 2:28 a.m. | views: 1

GO-2026-4312 Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway

Envoy Extension Policy lua scripts injection causes arbitrary command execution in github.com/envoyproxy/gateway...

CVSS 8.8 | AI score 5.8 | EPSS 0.00005
Exploits: 1 | References: 2

Positive Technologies
added 2026/01/23 12:0 a.m. | views: 4

PT-2026-4508

Name of the Vulnerable Software and Affected Versions: PEEL Shopping version 9.3.0. Description: PEEL Shopping 9.3.0 has a stored cross-site scripting issue in the 'Comments / Special Instructions' parameter of the purchase page. An attacker can inject malicious JavaScript payloads that execute when...

CVSS 7.2 | AI score 5 | EPSS 0.00072
Exploits: 0 | References: 5

OSV
added 2026/01/22 9:34 p.m. | views: 3

MAL-2026-470 Malicious code in urlsssser (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 242b446cd6cce908f668bfc1b199aa8f54a9ee1138b399ea6012f3b2bd2624e8 Package does not contain malicious code, but was published as a part of the malicious campaign and is used during further infection stages --- Category:...

AI score 5.6
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/22 4:52 p.m. | views: 0

CVE-2025-69317

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS. This issue affects CarSpot: from n/a through 2.4.6...

CVSS 6.1 | AI score 5.2 | EPSS 0.00064
Exploits: 0 | References: 2

ICS
added 2026/01/22 7:0 a.m. | views: 5

Delta Electronics DIAView

RISK EVALUATION Successful exploitation of this vulnerability could enable an attacker to execute arbitrary code. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. CISA reminds organizations to perform proper impact...

CVSS 9.8 | AI score 6.2 | EPSS 0.00034
Exploits: 0 | References: 10

ATTACKERKB
added 2026/01/22 3:31 a.m. | views: 1

CVE-2026-24037

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

CVSS 5.4 | AI score 5.3 | EPSS 0.00018
Exploits: 1 | References: 3 | Affected Software: 1