1393 matches found
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization
xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled comment content to be serialized into XML without validating or...
Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()
Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...
CVE-2026-7997
Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: Low...
EUVD-2025-209669
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...
CVE-2025-31951 HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...
CVE-2025-31951
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...
Conversation Isolation Bypass
Spring AI is vulnerable to conversation isolation bypass. The vulnerability is due to insufficient validation of user-supplied input as a conversationId, where an attacker can inject filter logic through conversationId and exfiltrate sensitive memory from other users’ chat histories, including...
GHSA-75XQ-5H9V-W6PX net-imap vulnerable to command Injection via unvalidated Symbol inputs
Summary Symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. Details Symbol arguments represent IMAP "system flags", which are formatted as "atoms" with no quoting with a "" prefix. Vulnerable versions of Net::IMAP...
CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess
Summary The deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are passed directly to $forge-dropTable without validating that the tables belong to the theme being deleted. The deleteConfirm view correctly populates tables from the theme's own migration...
CVE-2026-25863
Vulnerability summary (CVE-2026-25863): The WordPress plugin “Conditional Fields for Contact Form 7” (CF7 Conditional Fields), affected up to version 2.6.7, contains an uncontrolled resource consumption issue in Wpcf7cfMailParser.hide_hidden_mail_fields_regex_callback(). The method reads an itera...
EUVD-2026-27083
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hidehiddenmailfieldsregexcallback method reads an iteration count directly from user-supplied POST parameters without...
CVE-2026-42146
CVE-2026-42146 affects the CImg Library (C++) where the nb_colors field read from BMP headers is used to compute an allocation size without validating against the remaining file size, enabling an out-of-memory condition when loading crafted untrusted BMPs. A patch (commit c3aacf5) fixes the issue...
WordPress plugin Conditional Fields for Contact Form 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-36894
Conditional Fields for Contact Form 7 WordPress plugin through version 2.6.7 contains an uncontrolled resource consumption vulnerability in the Wpcf7cfMailParser class where the hide hidden mail fields regex callback method reads an iteration count directly from user-supplied POST parameters...
GHSA-JFGF-83C5-2C4M i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters
Summary Versions of i18next-http-middleware prior to 3.9.3 pass the user-controlled lng and ns values from getResourcesHandler directly into i18next.services.backendConnector.loadlanguages, namespaces, … without any sanitisation. Depending on which backend is configured, the unvalidated path...
SQL Injection
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to SQL Injection via the row:search and row:get operations in the SeaTable node when user-controlled input is passed through expressions into the searchTerm or rowId parameters. An attacker can access...
CVE-2025-10503
The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...
mcp-stdio-exploit
MCP STDIO Exploit: A Local Reimplementation Vulnerability...
CVE-2026-29050 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a...
GHSA-98F2-W9H9-7FP9 melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses
Impact An attacker who can influence a melange configuration file — for example through pull-request-driven CI or build-as-a-service scenarios — could set pipeline.uses to a value containing ../ sequences or an absolute path. The Compiled.compilePipeline function in pkg/build/compile.go passed us...