100 matches found
CVE-2026-44580 Next.js: Cross-site scripting in beforeInteractive scripts with untrusted input
Next.js is a React framework for building full-stack web applications. From 13.0.0 to before 15.5.16 and 16.2.5, applications that use beforeInteractive scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions, serialized script content was not escap...
CVE-2026-44580
CVE-2026-44580 – Next.js : Cross-site scripting in beforeInteractive scripts with untrusted input. Affected: Next.js 13.0.0 through before 15.5.16 and 16.2.5. Root cause: serialized script content was not escaped safely before embedding into the document, allowing attacker-controlled input to bre...
CVE-2026-43507
An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections...
CVE-2026-43506
CVE-2026-43506 affects Prosody: memory exhaustion-based DoS from unauthenticated connections. Vulnerable are Prosody releases prior to 0.12.6 and 1.0.0 through 13.0.4 (before 13.0.5). Impact is denial of service via memory leaks; no exploitation details are provided in the documents. Remediation:...
Prosody 安全漏洞
Prosody is an instant messaging server software from Prosody Open Source. A security vulnerability exists in Prosody versions prior to 0.12.6, 1.0.0 through 13.0.0, and prior to 13.0.5, which stems from an amplified XML parsing resource over an unauthenticated connection that could result in a...
passport 授权问题漏洞
Passport is a Node.js authentication middleware developed by Jared Hanson, a personal developer in the United States. Versions of Passport prior to 13.0.0 and 13.7.1 had an authorization vulnerability. This vulnerability stemmed from an client-credentials token authentication process, which could...
Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to cross-site scripting (CVE-2026-25896)
Summary Node.js module fast-xml-parser is used by IBM App Connect Enterprise Certified Container. IBM App Connect Enterprise Certified Container operands are vulnerable to cross-site scripting. This bulletin provides patch information to address the reported vulnerability in Node.js module...
OpenStack Vitrage: Unauthorized Access to the Host can Lead to Eval Injection
In the query parser in OpenStack Vitrage before 12.0.1, 13.0.0, 14.0.0, and 15.0.0, a user allowed to access the Vitrage API may trigger code execution on the Vitrage service host as the user the Vitrage service runs under. This may result in unauthorized access to the host and further compromise...
Linux Distros Unpatched Vulnerability : CVE-2026-2327
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/...
UBUNTU-CVE-2026-2327
Versions of the package markdown-it from 13.0.0 and before 14.1.1 are vulnerable to Regular Expression Denial of Service ReDoS due to the use of the regex /+$/ in the linkify function. An attacker can supply a long sequence of characters followed by a non-matching character, which triggers...
Huawei EMUI和Huawei HarmonyOS 安全漏洞
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel.Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...
[SECURITY] Fedora 42 Update: python-unicodedata2-17.0.0-1.fc42
This module provides access to the Unicode Character Database UCD which defines character properties for all Unicode characters. The data contained in this database is compiled from the UCD version 13.0.0. The versions of this package match Unicode versions, so unicodedata2=3D=3D13. 0.0 is data...
CVE-2025-66402
Misskey CVE-2025-66402 affects versions 13.0.0-beta.16 through before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...
EUVD-2025-200113
mdast-util-to-hast has unsanitized class attribute...
Malicious code in @eqder/bird (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48946 Malicious code in @eqder/bird (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7acc999c2ea175e62266081a166ad731b10ac9621b965f28186121fbece6a1bb The package @eqder/bird was found to contain malicious code. Source: ossf-package-analysis...
EUVD-2025-35423
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through = 13.0.0...
CVE-2025-60135 WordPress WeShare Buttons Plugin <= 13.0.0 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in NIKITAS GEORGOPOULOS WeShare Buttons e-mailit allows Stored XSS.This issue affects WeShare Buttons: from n/a through = 13.0.0...
EUVD-2017-15216
Malware in sbrugna...
EUVD-2019-16153
Malware in sbrugna...