CVE-2026-0160

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-39575

updatediskpsubaseline.sh requires password in plain text...

CVE-2026-0160

CVE-2026-0160 describes an out-of-bounds write in TextRtpPayloadDecoderNode::DecodeT140 within TextRtpPayloadDecoderNode.cpp. The missing bounds check enables remote code execution with no extra privileges and no user interaction required. Connected sources (CVE list entry and OSV entry) reiterat...

CVE-2024-39575

Technical details are not publicly available in the provided documents; monitor for updates.

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

SuperWebMailer 9.00.0.01710 - Cross-Site Scripting

An issue was discovered in SuperWebMailer 9.00.0.01710 allowing XSS via crafted incorrect passwords. id: CVE-2023-38192 info: name: SuperWebMailer 9.00.0.01710 - Cross-Site Scripting author: ritikchaddha severity: medium description: | An issue was discovered in SuperWebMailer 9.00.0.01710 allowi...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting XSS vulnerability in /index.php?module=configuration/application. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Copyright Text field after clicking...

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

Telesquare TLR-2855KS6 - Arbitrary File Creation

An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow creation of CGI scripts. id: CVE-2021-46418 info: name: Telesquare TLR-2855KS6 - Arbitrary File Creation author: DhiyaneshDK severity: high description: | An unauthorized file creation vulnerability in...

Advanced Text Widget < 2.0.2 - Cross-Site Scripting

A cross-site scripting XSS vulnerability in advancedtext.php in Advanced Text Widget plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter. id: CVE-2011-4618 info: name: Advanced Text Widget 2.0.2 - Cross-Site Scripting author:...

Twittee Text Tweet <= 1.0.8 - Cross-Site Scripting

The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative page, which allows reflected XSS attacks targeting administrators to happen. id: CVE-2023-0602 info: name: Twittee Text Tweet =...

CVE-2026-6047

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

@angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

GHSA-HQR9-C56F-3X7F @angular/platform-server: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of raw-text elements such as , , and . domino supports escaping raw-text elements during serialization to prevent closing-tag breakout. However, a Unicode ind...

EUVD-2026-36737

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVE-2026-6047

CVE-2026-6047 : LibreOffice is affected during OOXML (DOCX) import of a text box element. The issue is a heap buffer overflow that occurs when replaying deferred parser events; a handler object may be written using a layout for a larger type, causing writes past the allocation end. The root cause...

CVE-2026-6047 Heap buffer overflow in OOXML text box element import

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

CVE-2026-6047 Heap buffer overflow in OOXML text box element import

LibreOffice can import documents in the OOXML format DOCX. A heap buffer overflow existed when replaying deferred parser events for a text box element. A handler object was assumed to be of one type and written to at that type's field layout, but it could be a smaller object, so the write landed...

The Onboarding Password Mistake That Creates Unnecessary Risk

Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these...

PT-2026-49566

A Cross-Site Scripting XSS vulnerability exists in @angular/platform-server's DOM emulation dependency domino when serializing the content of elements. When rendering dynamic text content inside a element via template bindings such as value or textContent, the template engine expects the browser ...