CVE-2026-23499 Saleor vulnerable to stored XSS via Unrestricted File Upload

Saleor is an e-commerce platform. Starting in version 3.0.0 and prior to versions 3.20.108, 3.21.43, and 3.22.27, Saleor allowed authenticated staff users or Apps to upload arbitrary files, including malicious HTML and SVG files containing Javascript. Depending on the deployment strategy, these...

PT-2024-20939 · Bytecode Alliance · Wasm-Micro-Runtime

Name of the Vulnerable Software and Affected Versions: bytecodealliance wasm-micro-runtime versions before v.b3f728c Description: The issue allows a remote attacker to escalate privileges via a crafted file to the check was abi compatibility function. Recommendations: For versions before v.b3f728...