17 matches found
CVE-2026-41576
Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible, with no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to <br> tags but does not escape HTML. The resulting string is then passed to a Blade...
EUVD-2026-27019
Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in the note export flow can be escalated to remote code execution in the desktop app. The root cause is...
Notesnook cross-site scripting vulnerability
Notesnook is an end-to-end encrypted note application developed by Streetwriters. Versions of Notesnook for Web/Desktop prior to 3.3.15, as well as versions for iOS/Android prior to 3.3.20, had a cross-site scripting vulnerability. This vulnerability stemmed from the lack of HTML escaping for...
STIG Manager cross-site scripting vulnerability
STIG Manager is an information security compliance assessment management tool open-sourced by NUWCDIVNPT. Versions 1.5.10 to 1.6.7 of STIG Manager have a cross-site scripting vulnerability. This vulnerability stems from improper handling of OIDC authentication errors, where innerHTML is written...
PT-2026-33531
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars. An authenticated user with Finance permissions can inject HTML attribute-breaking...
CVE-2026-33080
Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers (Range and Values) that render raw database values without escaping HTML. If there is a lack of validation for the data in the...
CVE-2026-33301 OpenEMR has arbitrary image file read via PDF generator
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, users with the Notes - my encounters role can fill Eye Exam forms in patient encounters. The answers to the form can be printed out in PDF form. An arbitrary file read...
CVE-2026-33301
OpenEMR (before version 8.0.0.2) is affected by an arbitrary image file read via the PDF generator. The vulnerability arises in the PDF creation function where form answers are parsed as unescaped HTML, enabling an attacker with the Notes - my encounters role to cause the generated PDF to include...
OpenEMR code issue vulnerability
OpenEMR is an open-source medical management system developed by the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.2 contained code...
CakePHP 5.2.12 Released
The CakePHP core team is happy to announce the immediate availability of CakePHP 5.2.12. This is a security fix release for the 5.2 branch that fixes a security issue with PaginatorHelper. This release is recommended for all applications using PaginatorHelper::limitControl...
CVE-2025-66460 Lookyloo vulnerable to XSS due to lack of escaping in HTML elements passed to Datatables
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, Lookyloo passed improperly escaped values to cells rendered in datatables using the orthogonal-data feature. It is definitely exploitable from the popu...
CVE-2025-66460
CVE-2025-66460 is a vulnerability in the Lookyloo web interface (pre-1.35.3) where improperly escaped values were passed to datatables cells rendered via the orthogonal-data feature. This can enable cross-site scripting (XSS) by injecting unsafe content into the UI, and is exploitable fr...
Linux Distros Unpatched Vulnerability : CVE-2021-30157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and...
OpenRefine security vulnerability
OpenRefine is a Java-based open source tool from OpenRefine Open Source. The product is mainly used for loading, analyzing and cleaning data. A security vulnerability exists in OpenRefine prior to version 3.8.3, which stems from the built-in "Something went error!" error page that...
PT-2024-40127 · Packagist · Silverstripe Cms
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A cross-site scripting issue has been found in the CMS page history tab. This can be exploited if a user with CMS access posts malicious or unescaped HTML into any text fields on a...
Zimbra Collaboration Suite cross-site scripting vulnerability
Synacor Zimbra Collaboration Suite (ZCS) is an open source collaboration suite from Synacor, USA. The product includes WebMail, Calendar, Address Book and more. A security vulnerability exists in Zimbra Collaboration Suite 8.8, which originates from a vulnerability that can be exploited by an...
Poddycast cross-site scripting vulnerability
Poddycast is an Electron-based podcast application. A cross-site scripting vulnerability exists in Poddycast that stems from the product failing to sanitize HTML special characters in podcast messages. An attacker could cause client-side code execution via this vulnerability. The following...