4 matches found
PT-2026-32490
Name of the Vulnerable Software and Affected Versions KubePlus version 4.14 Description The '/registercrd' endpoint in the kubeconfiggenerator component is susceptible to command injection. The issue occurs because the component utilizes the subprocess.Popen function with the shell=True parameter...
Arbitrary Command Injection
Overview renovate is a dependency updater. Affected versions of this package are vulnerable to Arbitrary Command Injection due to the improper sanitazation of user-supplied chart name in the helmRepositoryArgs function of kustomize manager. An attacker can execute arbitrary commands on the host...
Cross-site Scripting (XSS)
apachesuperset is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of chart column labels, which allows an attacker to inject malicious payloads that execute in a victim’s browser and potentially lead to session hijacking or arbitrary command...
CVE-2025-8867
The Graphina - Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widget parameters in version 3.1.3 and below. This is due to insufficient input sanitization and output escaping on user supplied attributes such as chart categories,...