6 matches found
PT-2026-48690
Name of the Vulnerable Software and Affected Versions @openzeppelin/wizard versions prior to 0.10.9 Description The OpenZeppelin Contracts Wizard generates example test files for Hardhat test/test.ts and Foundry test/.t.sol that interpolate user-supplied strings opts.name and opts.uri into the te...
EUVD-2026-11385
ha-mcp has XSS via Unescaped HTML in OAuth Consent Form...
PT-2026-24838
Name of the Vulnerable Software and Affected Versions ha-mcp versions prior to 7.0.0 Description ha-mcp is a Home Assistant MCP Server. Prior to version 7.0.0, the OAuth consent form renders user-controlled parameters using Python f-strings without proper HTML escaping. This allows an attacker wh...
Cross-site Scripting (XSS)
Magento-lts is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...
EUVD-2014-2593
Malware in sbrugna...
Arbitrary Code Execution
symfony/symfony is vulnerable to arbitrary code execution. The vulnerability exists as the VarExporter does not properly escape strings, allowing strings with newlines to be executed...