CVE-2026-30954

Affected software: LinkAce (self-hosted archive). Vulnerable component: processTaxonomy() in LinkRepository.php. Root cause / what happens: In 2.1.0 and earlier, authenticated users can attach other users’ private tags and lists to their own links by passing integer IDs. Impact (as stated): allow...

CVE-2012-6572

Cross-site scripting XSS vulnerability in the phptemplatepreprocessnode function in template.php in the Inf08 theme 6.x-1.x before 6.x-1.10 for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTML via a taxonomy vocabulary name...