21 matches found
CVE-2026-34606
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. From version 2.27.0 to before version 2.48.0, Frappe LMS was vulnerable to stored XSS. This issue has been patched in version 2.48.0...
CVE-2026-34606
CVE-2026-34606 concerns Frappe LMS. The vulnerability is a stored XSS affecting Frappe LMS releases from version 2.27.0 up to 2.47.x (i.e., before 2.48.0). The issue has been patched in 2.48.0. The provided sources do not supply exploit details, affected modules, or specific attack vectors beyon...
CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8
CVE-2025-58190 affecting package docker-compose for versions less than 2.27.0-8. A patched version of the package is available...
CVE-2025-58360 GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap...
AZL-70331 CVE-2025-47913 affecting package docker-compose for versions less than 2.27.0-6
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process...
CVE-2025-0547 XSS in Mikrogrup's Bizmu
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from 2.27.0 through 20250212...
CVE-2025-0547
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Bizmu allows Cross-Site Scripting (XSS). This issue affects Bizmu: from 2.27.0 through 20250212...
Paraşüt Bizmu Cross-Site Scripting Vulnerability
Paraşüt Bizmu is a cloud-based financial management and e-invoicing application from Paraşüt Turkey. A cross-site scripting vulnerability exists in Paraşüt Bizmu versions 2.27.0 through 20250212, which stems from improper input neutralization during web page generation and could lead to cross-sit...
PT-2025-38304
Name of the Vulnerable Software and Affected Versions: Paraşüt Software Bizmu versions 2.27.0 through 20250212 Description: This issue allows for Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Recommendations: Paraşüt Software Bizmu versions 2.27.0 throu...
CVE-2024-53794
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through <= 2.27.0...
CVE-2023-2564
OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0...
AZL-60557 CVE-2025-22872 affecting package docker-compose for versions less than 2.27.0-5
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
PT-2025-3353 · Guangzhou Polar Future Culture Technology Co. · University Search
Name of the Vulnerable Software and Affected Versions: Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS version 2.27.0 Description: The issue allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For Guangzhou Polar Future...
CVE-2024-53794 WordPress Arkhe Blocks plugin <= 2.27.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryo Arkhe Blocks arkhe-blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through <= 2.27.0...
CVE-2024-53794 WordPress Arkhe Blocks plugin <= 2.27.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS. This issue affects Arkhe Blocks: from n/a through 2.27.0...
PT-2024-35908 · Loos · Arkhe Blocks
Name of the Vulnerable Software and Affected Versions: LOOS,Inc. Arkhe Blocks versions n/a through 2.27.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that an attacker can inject...
WordPress plugin Arkhe Blocks Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...
PT-2023-20202 · Unknown · Sbs20/Scanservjs
Name of the Vulnerable Software and Affected Versions: sbs20/scanservjs versions prior to 2.27.0 Description: The issue is related to OS Command Injection in the GitHub repository sbs20/scanservjs. Recommendations: For versions prior to 2.27.0, update to version 2.27.0 or later to resolve the iss...
Design/Logic Flaw
Dex is a federated OpenID Connect provider written in Go. In Dex before version 2.27.0 there is a critical set of vulnerabilities which impacts users leveraging the SAML connector. The vulnerabilities enable potential signature bypass due to issues with XML encoding in the underlying Go library...