Vulnerabilities

CVE-2026-23841 - Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param

2026-01-19 0 views admin
CVE-2026-23841 - Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param

CVE ID : CVE-2026-23841 Published : Jan. 19, 2026, 7:16 p.m. | 1 hour, 6 minutes ago Description : Movary is a web application to track, rate and explore your movie watch history. Due to insufficient input validation, attackers can trigger cross-site scripting payloads in versions prior to 0.70.0. The vulnerable parameter is `?categoryCreated=`. Version 0.70.0 fixes the issue. Severity: 9.3 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
CRITICAL
Published
Jan. 19, 2026

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-23841critical

More from Vulnerabilities

CVE-2026-23838 - Tandoor Recipes module allows SQLite database to be externally accessible with t...

CVE-2026-23838 - Tandoor Recipes module allows SQLite database to be externally accessible with t...

2026-01-19 0
CVE-2026-1172 - birkir prime GraphQL Directive graphql denial of service

CVE-2026-1172 - birkir prime GraphQL Directive graphql denial of service

2026-01-19 0
CVE-2026-1171 - birkir prime GraphQL Field graphql denial of service

CVE-2026-1171 - birkir prime GraphQL Field graphql denial of service

2026-01-19 0
CVE-2025-69198 - Pterodactyl's improper resource locking allows raced queries to create more reso...

CVE-2025-69198 - Pterodactyl's improper resource locking allows raced queries to create more reso...

2026-01-19 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views