40676 matches found
XWiki >= 2.5-milestone-2 - Cross-Site Scripting
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page XSS. It's possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as:...
Online Fire Reporting System v1.0 - SQL injection
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/takeaction.php?id=. id: CVE-2022-31984 info: name: Online Fire Reporting System v1.0 - SQL injection author: theamanrawat severity: high description: | Online Fire Reporting System v1.0 is vulnerable to SQL...
[SECURITY] Fedora 43 Update: attr-2.6.0-1.fc43
A set of tools for manipulating extended attributes on filesystem objects, in particular getfattr1 and setfattr1. An attr1 command is also provided which is largely compatible with the SGI IRIX tool of the same name...
[SECURITY] [DSA 6387-1] chromium security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6387-1 [email protected] https://www.debian.org/security/ Andres Salomon July 11, 2026 https://www.debian.org/security/faq -...
CVE-2026-57218 RabbitMQ: AMQP 0-9-1 in combination with OAuth 2: consumer persistence can lead to post-revocation message disclosure
RabbitMQ is a messaging and streaming broker. Prior to 4.2.6, RabbitMQ AMQP 0-9-1 allows an existing consumer to keep receiving messages after OAuth token expiry or connection.updatesecret refresh to reduced scopes because existing consumers are not canceled or reauthorized at delivery time after...
CVE-2026-21052
Path traversal in SemClipboardService prior to SMR Jul-2026 Release 1 allows local privileged attackers to access files with system privilege...
CVE-2026-44342
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-44342
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-44342
CVE-2026-44342 describes a CSRF vulnerability in the New API where GET requests on state-changing endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind could allow an attacker to bind an email or OAuth identity for a logged-in user when session cookies are susceptible to cross-site n...
CVE-2026-44342 New API CSRF in email and WeChat account binding endpoints
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the email and WeChat account binding endpoints GET /api/oauth/email/bind and GET /api/oauth/wechat/bind used GET requests for state-changing account operations, allowing a...
CVE-2026-33655 New API: SSRF Protection Bypass via Unresolved Hostname in Notification URLs
New API is a large language mode LLM gateway and artificial intelligence AI asset management system. Prior to 0.12.0-alpha.1, the default SSRF protection configuration did not apply IP filtering to hostnames; with ApplyIPFilterForDomain disabled by default, URL validation checked domain allow/blo...
[SECURITY] [DSA 6385-1] pgextwlist security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6385-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 08, 2026 https://www.debian.org/security/faq -...
CVE-2026-52985 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52985 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52963 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52963 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53001 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53037 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-53004 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-53004 affecting package kernel for versions less than 6.6.143.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1
CVE-2026-52962 affecting package kernel for versions less than 6.6.143.1-1. A patched version of the package is available...
CVE-2026-10698
CVE-2026-10698 is an Improper Neutralization of Special Elements in Data Query Logic vulnerability in Progress MOVEit Transfer, specifically affecting the Custom Reports module . Affected versions are MOVEit Transfer 2025.0.0–before 2025.0.8, 2025.1.0–before 2025.1.4, and 2026.0.0–before 2026.0.1...
[SECURITY] Fedora 43 Update: firefox-152.0.4-1.fc43
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...