Lucene search

5 matches found

Cvelist
added 2026/05/26 8:40 p.m., 33 views

CVE-2026-44897 Mistune Heading ID Attribute Injection XSS

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, HTMLRenderer.heading builds the opening tag by string-concatenating the id attribute value directly into the HTML — with no call to escape, safe_entity, or any other sanitisation function. A double-quote character " in...

6.1 CVSS | 0.00228 EPSS
Exploits: 1 | References: 2
CNNVD
added 2026/01/07 12:0 a.m., 2 views

WordPress plugin Easy GitHub Gist Shortcodes Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... A cross-site...

6.4 CVSS | 5.8 AI score | 0.00181 EPSS
Exploits: 0 | References: 3
CVE
added 2025/10/04 2:24 a.m., 60 views

CVE-2025-9485

CVE-2025-9485 is an authentication-bypass flaw in the WordPress plugin “OAuth Single Sign On – SSO (OAuth Client)” up to v6.26.12. The root cause is improper verification of cryptographic signatures due to unsafe JWT handling in get_resource_owner_from_id_token, enabling unauthenticated attackers...

9.8 CVSS | 6.1 AI score | 0.00571 EPSS
Exploits: 1 | References: 3
CNNVD
added 2025/04/07 12:0 a.m., 3 views

Code-Projects Patient Record Management System Injection Vulnerability

Patient Record Management System is a medical record management system. Patient Record Management System suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter ID of the /editdpatient.php file. An attacker can exploit...

8.8 CVSS | 7 AI score | 0.00443 EPSS
Exploits: 1 | References: 6
BDU FSTEC
added 2023/09/27 12:0 a.m., 5 views

The vulnerability of the update_banner_message() function in the Nagios XI monitoring tool allows a hacker to gain unauthorized access to protected information and execute arbitrary code.

The vulnerability of the update_banner_message function in the Nagios XI monitoring tool is related to the lack of measures taken to protect the SQL query structure when processing the ID parameter. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access t...

9 CVSS | 8.3 AI score | 0.05335 EPSS
Exploits: 1 | References: 5 | Affected Software: 1