CVE-2026-28561 wpForo Forum 2.4.14 Stored XSS via Unescaped Forum Description in Templates

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows administrators to inject persistent JavaScript via forum description fields echoed without output escaping across multiple theme template files. On multisite installations or with a compromised admin account,...

CVE-2017-15872

phpwcms 1.8.9 has XSS in include/inctmpl/admin.edituser.tmpl.php and include/inctmpl/admin.newuser.tmpl.php via the username aka newlogin field...

CVE-2024-10940

A vulnerability in langchain-core versions =0.1.17,=0.2.0,=0.3.0,0.3.15 allows unauthorized users to read arbitrary files from the host file system. The issue arises from the ability to create langchaincore.prompts.ImagePromptTemplate's and by extension langchaincore.prompts.ChatPromptTemplate's...

CVE-2024-55601 Hugo does not escape some attributes in internal templates

Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are usin...