CVE-2026-53693 MISP BSimVis stored cross-site scripting in tag and cluster rendering paths via unescaped tag metadata and UI labels

A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...

CVE-2026-45286

CVE-2026-45286 affects Nextcloud Open Source Content Collaboration Platform. An authenticated user could enumerate other users on the same instance by abusing the Calendar app’s endpoint for suggesting attendees; standard sharing restrictions did not apply to that endpoint. Impacted versions are ...

CVE-2026-45286 Nextcloud: Calendar app leaked user identifiers via attendee suggestion endpoint

Nextcloud is an open source content collaboration platform. From versions 5.5.13 to before 5.5.17, and 6.2.0 to before 6.2.3, an authenticated user can enumerate users on the same Nextcloud instance by using the Calendar app's endpoint for suggesting attendees. The sharing restrictions, applied t...

Parse Server's GraphQL "Did you mean ...?" validation suggestions disclose schema to unauthenticated callers

Impact Parse Server's GraphQL endpoint discloses schema metadata to unauthenticated callers through Did you mean ...? suggestions embedded in GraphQL validation-error messages. An unauthenticated caller who knows only the public application id can iteratively send malformed queries to reconstruct...

Cross-site Scripting (XSS)

Overview drupal/core is an an open source content management platform powering millions of websites and applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via entity suggestions whilst adding a link to CKEditor5. An attacker can execute arbitrary scripts in...

PT-2026-38406

Name of the Vulnerable Software and Affected Versions Vercel CLI versions 50.16.0 through 52.0.0 Description When running in non-interactive mode via the --non-interactive flag or auto-detected AI agent, commands that cannot complete autonomously emit JSON payloads containing suggested follow-up...

CLSA-2026-1777942724 vim: Fix of 3 CVEs

CVE-2021-3928: fix reading uninitialized memory in spell suggestions spellsuggest.c - CVE-2022-1616: fix buffer overflow in invalid command with composing chars exdocmd.c - CVE-2022-1620: fix NULL pointer dereference when using invalid pattern buffer.c...

DRUPAL-CORE-2026-003

Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...

Drupal core - Moderately critical - Cross-site scripting - SA-CORE-2026-003

Drupal 11.3 comes with support for completing entity suggestions whilst adding a link to CKEditor 5. The suggestions aren't sufficiently sanitized and a malicious user could trigger a stored cross site scripting attack against another user...

PT-2026-33242

Name of the Vulnerable Software and Affected Versions Drupal core versions 11.3.0 through 11.3.6 Description Drupal core contains an issue where entity suggestions provided during the process of adding a link to CKEditor 5 are not sufficiently sanitized. This allows a malicious user to trigger a...

The Code Whisperer: LLM and Graph-Based AI for Smell and Vulnerability Resolution

Code smells and software vulnerabilities both increase maintenance cost, yet they are often handled by separate tools that miss structural context and produce noisy warnings. This paper presents The Code Whisperer, a hybrid framework that combines graph-based program analysis with large language...

Ja4Scanner

Ja4Scanner — Bug Bounty Hunter's Toolkit A Python CLI tool fo...

PT-2026-28635

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.1.10 Drupal AI versions 1.2.0 through 1.2.11 Description An incorrect authorization issue exists in Drupal AI Artificial Intelligence that allows for resource injection. The module and certain submodules AI...

Anthropic Launches Claude Code Security for AI-Powered Vulnerability Scanning

Artificial intelligence AI company Anthropic has begun to roll out a new security feature for Claude Code that can scan a user's software codebase for vulnerabilities and suggest patches. The capability, called Claude Code Security , is currently available in a limited research preview to...

a-gpt (>=0.1.0 <=0.4.0), abacuz (=0.1.1) +1062 more potentially affected by unknown CVE via git2 (>=0.10.0 <=0.1.21)

git2 CARGO version =0.10.0, =0.1.0, =1.1.0, =0.0.1, =0.3.0, =1.0.0, =0.1.0, =0.3.3 - amisgitpm =0.0.1 - amp =0.6.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0008...

EUVD-2023-25647

Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule...

CVE-2021-0390

In various methods of WifiNetworkSuggestionsManager.java, there is a possible modification of suggested networks due to a missing permission check. This could lead to local escalation of privilege by a background user on the same device with no additional execution privileges needed. User...

CVE-2019-20619

An issue was discovered on Samsung mobile devices with P9.0 software. Secure Startup leaks keyboard suggested words. The Samsung ID is SVE-2019-13773 March 2019...

WordPress plugin Better Find and Replace – AI-Powered Suggestions 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A code injection...

Directory Traversal

@mastra/mcp-docs-server is vulnerable to Directory Traversal. The vulnerability is due to improper validation of file path inputs in the directory suggestion logic, which allows an attacker to bypass path traversal checks and list the contents of arbitrary directories on the user’s filesystem...