7.3
CVE-2025-67849 - Moodle: moodle: cross-site scripting (xss) via improper sanitization of ai prompt responses
A flaw was found in Moodle. This cross-site scripting (XSS) vulnerability, caused by improper sanitization of AI prompt responses, allows attackers to inject malicious HTML or script into web pages. When other users view these compromised pages, their sessions could be stolen, or the user interface…
8.1
CVE-2025-67848 - Moodle: moodle: authentication bypass via lti provider allows suspended users to gain unauthorized …
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access…
0.0
CVE-2026-1799 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate has been determined not to be a valid vulnerability. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
7.1
CVE-2025-59902 - HTML injection in NICE Chat
HTML injection vulnerability in NICE Chat. This vulnerability allows an attacker to inject and render arbitrary HTML content in email transcripts by modifying the 'firstName' and 'lastName' parameters during a chat session. The injected HTML is included in the body of the email sent by the system, …
5.1
CVE-2025-41065 - Stored Cross-Site Scripting (XSS) in LUNA from Luna Imaging
Stored Cross-Site Scripting (XSS) vulnerability type in LUNA software v7.5.5.6. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by injecting a malicious payload through the 'Edit Batch Name' function. The payload is stored by the application and subsequently…
7.6
CVE-2025-8461 - Reflected XSS in Seres Software's syWEB
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Seres Software syWEB allows Reflected XSS. This issue affects syWEB: through 03022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
7.6
CVE-2025-8456 - Reflected XSS in Kod8 Software's Kod8 Individual and SME Website
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kod8 Software Technologies Trade Ltd. Co. Kod8 Individual and SME Website allows Reflected XSS. This issue affects Kod8 Individual and SME Website: through 03022026. NOTE: The vendor was co…
6.3
CVE-2026-1592 - Stored XSS via Create New Layer Field found in Foxit PDF Editor Cloud
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the Create New Layer feature. Unsanitized user input is embedded into the HTML output, allowing arbitrary JavaScript execution when the layer is referenced. This issue affects pdfonline.foxit.com: before 202…
6.3
CVE-2026-1591 - Stored XSS via Attachments Feature in https://pdfonline.foxit.com/
Foxit PDF Editor Cloud (pdfonline) contains a stored cross-site scripting vulnerability in the file upload feature. A malicious username is embedded into the upload file list without proper escaping, allowing arbitrary JavaScript execution when the list is displayed. This issue affects pdfonline.f…
8.8
CVE-2026-1730 - OS DataHub Maps <= 1.8.3 - Authenticated (Author+) Arbitrary File Upload
The OS DataHub Maps plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'OS_DataHub_Maps_Admin::add_file_and_ext' function in all versions up to, and including, 1.8.3. This makes it possible for authenticated attackers, with Author-level access …