Browse and filter security vulnerabilities across ecosystems
HAX CMS: Stored XSS via '<video-player>' component allows arbitrary JavaScript execution and token theft
Cisco Catalyst SD-WAN Controller Authenticated Privilege Escalation Vulnerability
GLPI has stored XSS in asset locks
CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
Reflected XSS in authenticated agent context
pam_usb: Command injection via $TMUX environment variable leads to RCE as root
go-git: Improper single-quote escaping in go-git SSH transport
GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content
NousResearch hermes-agent Slack Agent/Mattermost Agent escape output
CryptPad: Sanitizer Bypass in Diffmarked.js Allows Arbitrary HTML Injection and Potential XSS
CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output
MCP Registry: Stored XSS in catalogue UI via attribute-quote breakout in publisher-controlled `websiteUrl`
SiYuan: URL-encoded title bypasses `escapeAriaLabel`, decoded by `decodeURIComponent` into a tooltip-XSS
SiYuan: Bazaar marketplace renders unescaped package `name` and `version` metadata, allowing stored XSS and Electron code execution
Hono: CSS Declaration Injection via Style Object Values in JSX SSR
YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names
pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates
Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams