CVE-2026-61456: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in getgrav grav
A cross-site scripting (XSS) vulnerability exists in the Grav API plugin before version 1.0.3. The plugin fails to sanitize SVG files uploaded via the POST /api/v1/media endpoint, allowing…
Read the full articleYou might also wanna read

CVE-2025-14773: Cross-Site Scripting Vulnerability in ABB T-MAC Plus (Version 4.0-24)
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue affects T-M
Adult Sites Embed Malicious Code in .SVG Files to Exploit Browsers
Running JavaScript from inside an image? What could possibly go wrong?
arstechnica.com·11mo ago
WAF - WAF Release - 2025-07-14
This week’s vulnerability analysis highlights emerging web application threats that exploit modern JavaScript behavior and SQL parsing ambig
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

WAF - WAF Release - 2025-12-01
This week’s release introduces new detections for remote code execution attempts targeting Monsta FTP (CVE-2025-34299), alongside improvemen

Comments
Sign in to join the conversation.
No comments yet. Be the first.