61379 matches found
CVE-2026-13042
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2026-13042
Technical details about CVE-2026-13042 are not publicly available in the provided documents; monitor for updates.
CVE-2026-13042 RPB Chessboard <= 8.1.2 - Unauthenticated Stored Cross-Site Scripting via Comment Content
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
EUVD-2026-44865
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2026-60406
The RPB Chessboard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Comment Content in all versions up to, and including, 8.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
GHSA-5XPP-75JX-M839 systeminformation: OS command injection in networkInterfaces() via interfaces(5) source-directive path on Linux
Summary On Linux, systeminformation's networkInterfaces is vulnerable to OS command injection through the Debian/Ubuntu interfaces5 source directive. While collecting per-interface DHCP state, the library reads /etc/network/interfaces and, for every source line it encounters, extracts the path...
GHSA-7GCF-G7XR-8HXJ serde_with: KeyValueMap serialization panics on empty sequence or map entries
Summary The public KeyValueMap serializer assumes that each mapped element has at least one field or item to use as the map key, but it subtracts 1 from the caller-visible length before validating that assumption. An application that serializes attacker-controlled data through serdeasas =...
serde_with: KeyValueMap serialization panics on empty sequence or map entries
Summary The public KeyValueMap serializer assumes that each mapped element has at least one field or item to use as the map key, but it subtracts 1 from the caller-visible length before validating that assumption. An application that serializes attacker-controlled data through serdeasas =...
Exploit for CVE-2026-21045
CVE-2026-21045 & CVE-2026-21048 — Samsung libimagecodec.quram...
CVE-2026-50182
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...
JLSEC-2026-770 OSGeo GDAL vulnerable to out-of-bounds read
A weakness has been identified in OSGeo gdal up to 3.13.0dev-4. The affected element is the function GDfieldinfo of the file frmts/hdf4/hdf-eos/GDapi.c. Executing a manipulation can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been made available to the...
EUVD-2026-44827
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...
CVE-2026-50182 AVideo Has Unauthenticated Reflected XSS via $_GET['search'] in YouTubeAPI Gallery Pagination
WWBN AVideo is an open source video platform. Versions prior to 29.0 contain an unauthenticated Reflected XSS vulnerability through AVideo YouTubeAPI Gallery Pagination. The $GET'search' query parameter is concatenated directly into the href attribute of two pagination links in...
CVE-2026-50182
Summary (CVE-2026-50182) WWBN AVideo (API + YouTubeAPI + Layout plugins) is affected. Versions prior to 29.0 contain an unauthenticated Reflected XSS via the $_GET['search'] parameter used in the YouTubeAPI gallery pagination. The payload is injected into the hrefs of the previous/next page links...
CVE-2026-49867
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...
EUVD-2026-44786
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...
CVE-2026-49867
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...
CVE-2026-49867
DataEase (open source data visualization tool) contains an authenticated stored XSS in template static resources prior to version 2.10.23. The flaw occurs when authenticated users submit TemplateManageRequest.staticResource via POST /de2api/templateManage/save or via DataVisualizationServer.decom...
CVE-2026-49867 DataEase: Authenticated Stored XSS in DataEase Template Static Resources
DataEase is an open source data visualization and analysis tool. Prior to 2.10.23, DataEase template static resources let authenticated users submit TemplateManageRequest.staticResource through POST /de2api/templateManage/save or DataVisualizationServer.decompression, after which...