252 matches found
Astra Linux - vulnerability in memcached
Memcached 1.6.7 allows a Denial of Service attack through multi-packet uploads in UDP...
CVE-2026-41200
STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in src/init.js and...
CVE-2026-41200 STIG Manager has reflected XSS vulnerability in the Web App
STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in src/init.js and...
PT-2026-34595
STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scripting (XSS) vulnerability in the OIDC authentication error handling code in src/init.js and...
STIG Manager cross-site scripting vulnerability
STIG Manager is an information security compliance assessment management tool open-sourced by NUWCDIVNPT. Versions 1.5.10 to 1.6.7 of STIG Manager have a cross-site scripting vulnerability. This vulnerability stems from improper handling of OIDC authentication errors, where innerHTML is written...
CVE-2026-25356
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS. This issue affects Yobazar: from n/a through 1.6.7...
CVE-2026-24391
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS. This issue affects Car Dealer: from n/a through <= 1.6.7...
CVE-2026-25356 WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skygroup Yobazar yobazar allows Reflected XSS. This issue affects Yobazar: from n/a through 1.6.7...
CVE-2026-25356
The CVE-2026-25356 entry affects WordPress/Yobazar theme versions prior to 1.6.7, with a Reflected Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation. The issue enables an attacker to inject scripts that execute in other users’ browsers, aligning wi...
CVE-2026-24391 WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeMakers Car Dealer cardealer allows Reflected XSS. This issue affects Car Dealer: from n/a through <= 1.6.7...
CVE-2026-24391
The connected document identifies a concrete vulnerability: WordPress Car Dealer theme versions ≤ 1.6.7 suffer from a reflected Cross-Site Scripting (XSS) vulnerability. The issue is caused by input that is reflected back to the user without proper sanitization, enabling an attacker to run arbitrary ...
PT-2026-27859
Name of the Vulnerable Software and Affected Versions: ThemeMakers Car Dealer versions n/a through 1.6.7. Description: The software contains a flaw due to improper handling of user-supplied data when creating web pages, which can lead to reflected cross-site scripting (XSS). This allows an attacker to...
WordPress Car Dealer theme <= 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Car Dealer versions <= 1.6.7...
WordPress Yobazar theme < 1.6.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting (XSS) vulnerability discovered by Tran Nguyen Bao Khanh VCI - VNPT Cyber Immunity in WordPress Theme Yobazar versions 1.6.7...
CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
UBUNTU-CVE-2026-28802
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...
CVE-2026-28802 Authlib: Setting `alg: none` and a blank signature appears to bypass signature verification
Authlib is a Python library which builds OAuth and OpenID Connect servers. From version 1.6.5 to before version 1.6.7, previous tests involving passing a malicious JWT containing alg: none and an empty signature was passing the signature verification step without any changes to the application co...