23 matches found
EUVD-2026-14525
MantisBT has Stored HTML Injection/XSS when displaying Tags in Timeline...
CVE-2026-33548 MantisBT has Stored HTML Injection / XSS when displaying Tags in Timeline
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, improper escaping of tag names retrieved from History in Timeline myviewpage.php allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript, when displaying a tag that has...
CVE-2026-33517 MantisBT Vulnerable to Stored HTML Injection in Tag Delete Confirmation
Mantis Bug Tracker MantisBT is an open source issue tracker. In version 2.28.0, when deleting a Tag tagdelete.php, improper escaping of its name when displaying the confirmation message allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript. Versi...
Mantis Bug Tracker Cross-Site Scripting Vulnerability
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Version 2.28.0 of Mantis Bug Tracker contains a cross-site scripting vulnerability. This vulnerability arises from improper escaping of tag names in the timeline, which may lead to cross-site scripting...
Mantis Bug Tracker Cross-Site Scripting Vulnerability
Mantis Bug Tracker MantisBT is an open-source bug tracker developed by Mantis Bug Tracker. Version 2.28.0 of Mantis Bug Tracker contains a cross-site scripting vulnerability. This vulnerability arises from improper name escaping when deleting tags, which may lead to cross-site scripting attacks...
EUVD-2026-3131
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...
CVE-2022-26246
TMS v2.28.0 was discovered to contain a cross-site scripting XSS vulnerability in the component /TMS/admin/setting/mail/createorupdate...
Exploit for CVE-2025-6440
🔓 WC Designer Pro - RCE Exploit Unauthenticated Remote Co...
EUVD-2025-18102
Malicious code in bioql PyPI...
EUVD-2022-30809
Malicious code in bioql PyPI...
CVE-2025-57800
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...
CVE-2025-57800 Audiobookshelf vulnerable to OIDC token exfiltration and account takeover
Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...
CVE-2025-5687
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected. This vulnerability was fixed in Mozilla VPN 2.28.0 macOS...
CVE-2025-5687 Local privilege escalation vulnerability in Mozilla VPN clients for macOS v2.27.0 and below.
A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected. This vulnerability was fixed in Mozilla VPN 2.28.0 macOS...
CVE-2025-5687
Summary: CVE-2025-5687 affects Mozilla VPN on macOS and allows privilege escalation from a normal user to root. The issue is limited to macOS builds of Mozilla VPN; other OSes are unaffected. Affected product/version: Mozilla VPN on macOS, specifically versions prior to 2.28.0 (macOS). Root cause...
PT-2025-2201 · WordPress · The Image Source Control Lite
Name of the Vulnerable Software and Affected Versions: The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress versions up to, and including, 2.28.0 Description: The plugin is vulnerable to Reflected Cross-Site Scripting via the path parameter due to insufficient inpu...
Static Web Server Security Vulnerability
Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server SWS versions 2.28.0 and earlier that originates from a vulnerability that allows an attacker to upload a malicious filename to execute JavaScript code in the we...
TMS Security Vulnerabilities
TMS is a channel-based team communication and collaboration + lightweight task dashboard for weicheng individual developers. A security vulnerability exists in xiweicheng TMS version v.2.28.0, which stems from a cross-site scripting XSS vulnerability. An attacker can exploit the vulnerability to...
SUSE CVE-2020-10018
WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4, which are the versions right before 2.28.0, contain a memory corruption issue (use-after-free) that may lead to arbitrary code execution. This issue has been fixed in 2.28.0 with improved memory handling...