11603 matches found
CVE-2026-31981 HTML injection in Diagram tab and Graph view in Guardian/CMC before 26.2.0
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
CVE-2026-31981
A stored HTML injection vulnerability affects the Diagram tab and Graph view of Guardian/CMC (N2OS) prior to 26.2.0. An authenticated administrator can inject HTML into configuration data via multiple input vectors; when viewed by others, the HTML may render and enable phishing or open redirects....
EUVD-2026-42531
A Stored HTML Injection vulnerability was discovered in the Diagram tab and Graph view due to a shared input validation function being insufficiently restrictive. An authenticated user with administrative privileges can inject malicious HTML tags into N2OS configuration data through multiple inpu...
WPBot <= 8.4.9 - Cross-Site Scripting
WPBot = 8.4.9 is vulnerable to stored cross-site scripting via the conversation parameter in the qcldwbchatbotconversationsave AJAX action. The AJAX nonce qcsecretbotnonceval123qc is publicly emitted on every frontend page via wplocalizescript under the ajaxnonce key, making it freely obtainable ...
Dashy <= 4.3.6 - Reflected XSS via Workspace
Dashy versions up to 4.3.6 contain a reflected cross-site scripting vulnerability in the workspace view. The url query parameter is passed directly to an iframe src attribute without scheme validation, allowing an attacker to inject javascript: URIs that execute arbitrary JavaScript in the contex...
CVE-2026-15137 code-projects Interview Management System View.php sql injection
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2026-15137
CVE-2026-15137 affects code-projects Interview Management System 1.0. The vulnerability arises from insecure handling of the input argument ID in file inc\classes\View.php , which enables SQL injection . The issue is exploitable remotely with no authentication, and public exploits are reported. C...
EUVD-2026-42493
A weakness has been identified in code-projects Interview Management System 1.0. This vulnerability affects unknown code of the file \inc\classes\View.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...
CVE-2025-12506
GitLab CE/EE had a vulnerability (CVE-2025-12506) across all affected branches: 16.5–before 18.11.7, 19.0–before 19.0.4, and 19.1–before 19.1.2, where under certain conditions an authenticated user could create a repository in which the content shown in the web interface differed from the content...
CVE-2026-60124
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...
EUVD-2026-42239
An authorization bypass in MISP’s EventsController::importModule allowed authenticated users or read-only API keys with event view access to persist data to events they were not allowed to modify. When an import module returned results in the mispstandard format, the write path did not verify eve...
CVE-2026-13128
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...
CVE-2026-13128
Embedding JavaScript within a PDF file will cause the page to be deleted. Subsequent scripts will continue to access the relevant properties of the document view, eventually leading to the crash of the application...
CVE-2026-36163
An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file...
CVE-2026-48950
Lack of escaping leads to an XSS vulnerability in the file management view of comtemplates...
CVE-2026-48952
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
EUVD-2026-42070
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...
CVE-2026-48952 Joomla! Core - [20260706] - XSS in com_installer
Lack of escaping leads to an XSS vulnerability in the update list view of cominstaller...