117 matches found
CVE-2026-45323
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...
CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...
CVE-2026-45323
Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...
CVE-2026-45323
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...
PT-2026-44460
MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...
MeshCore Card 跨站脚本漏洞
The MeshCore Card is a Home Assistant card developed by John Pettitt, designed to display statistical data related to the MeshCore grid network. Versions of the MeshCore Card prior to 0.3.3 contained a cross-site scripting vulnerability. This vulnerability stemmed from the fact that the names of...
WordPress Login with NEAR plugin <= 0.3.3 - Authentication Bypass vulnerability
Authentication Bypass vulnerability discovered by g0wthr in WordPress Plugin Login with NEAR versions = 0.3.3...
CVE-2026-8994
The Login with NEAR plugin for WordPress up to version 0.3.3 is vulnerable to authentication bypass. The ajaxLoginWithNear() function, exposed as wp_ajax_nopriv, accepts an attacker-controlled account POST parameter and authenticates a user based solely on a substring check for .near, with no non...
Missing Authorization
Overview openviking is an An Agent-native context database Affected versions of this package are vulnerable to Missing Authorization via the task polling. An attacker can access sensitive metadata belonging to other users by sending unauthenticated requests to the /api/v1/tasks and...
CVE-2026-22680
The vulnerability affects OpenViking prior to version 0.3.3, where the task polling endpoints (/api/v1/tasks and /api/v1/tasks/{task_id}) allow unauthenticated access. Root cause: missing authorization on task polling exposes background task metadata (task type, status, resource identifiers, arch...
OpenViking 安全漏洞
OpenViking is an open-source artificial intelligence agent-based context database developed by Volcengine. Versions of OpenViking prior to 0.3.3 contained security vulnerabilities. These vulnerabilities stemmed from lack of authorization, which could allow unauthorized attackers to enumerate or...
0utmailauth (=1.0.0), 0xsodium (>=0.2.0 <=0.14.0) +13743 more potentially affected by CVE-2026-1525 via undici (>=0.3.3 <=6.23.0)
undici NPM version =0.3.3, =0.2.0, =1.0.0, =0.2.0, =0.1.0, =0.0.1, =1.0.21, =1.0.1, =2.1.0, =2.1.0, =2.1.1 and more Source cves: CVE-2026-1525 Source advisory: OSV:GHSA-2MJP-6Q6P-2QXM...
CVE-2025-15129
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be execute...
CVE-2025-15129 ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.php upload code injection
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be execute...
PT-2025-53644
Name of the Vulnerable Software and Affected Versions ChenJinchuang Lin-CMS-TP5 versions up to 0.3.3 Description A flaw exists in ChenJinchuang Lin-CMS-TP5 that allows for remote code injection. The issue is located in the Upload function within the LocalUploader.php file of the File Upload Handl...
EUVD-2021-1553
Malware in sbrugna...
EUVD-2005-4838
Malware in sbrugna...
EUVD-2018-1899
Malware in sbrugna...
EUVD-2019-5052
Malware in sbrugna...
EUVD-2025-25336
Malicious code in bioql PyPI...