25 matches found
CVE-2026-23636
Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
CVE-2022-23636
Wasmtime is an open source runtime for WebAssembly & WASI. Prior to versions 0.34.1 and 0.33.1, there exists a bug in the pooling instance allocator in Wasmtime's runtime where a failure to instantiate an instance for a module that defines an externref global will result in an invalid drop of a...
CVE-2025-23636
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS. This issue affects My Favorite Car: from n/a through <= 1.0...
CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2025-23636

creationtimestamp| type| source
---|---|---
2025-01-23 16:16:36+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lggbrm6thz2n
2025-01-23 16:55:05+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lggdwec5sv2r
2025-01-23 18:19:04+00:00| seen|...

CVE-2025-23636
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS. This issue affects My Favorite Car: from n/a through <= 1.0...
CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS. This issue affects My Favorite Car: from n/a through <= 1.0...
CVE-2025-23636 WordPress My Favorite Car plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dimitar A. My Favorite Car my-favorite-cars allows Reflected XSS. This issue affects My Favorite Car: from n/a through <= 1.0...
CVE-2025-23636
CVE-2025-23636 is a reflected XSS vulnerability reported for the WordPress plugin “My Favorite Car” by Dimitar Atanasov. The description states an improper neutralization of input during web page generation, enabling reflected Cross-Site Scripting. Affected range is “My Favorite Car: from n/a thr...
com.alipay.sofa:sofa-boot-jacoco-report (>=3.18.0 <=3.25.0) potentially affected by CVE-2024-23636 via com.alipay.sofa:rpc-sofa-boot-starter (>=3.18.0 <=3.25.0)
com.alipay.sofa:rpc-sofa-boot-starter MAVEN version =3.18.0, =3.18.0, =3.25.0 Source cves: CVE-2024-23636 Source advisory: OSV:GHSA-7Q8P-9953-PXVR...
CVE-2024-23636

creationtimestamp| type| source
---|---|---
2024-01-23 19:26:51+00:00| seen| https://t.me/ctinow/172252...

CVE-2024-23636 SOFARPC Remote Command Execution (RCE) Vulnerability
SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there i...
CVE-2024-23636
SOFARPC (Java RPC framework) is vulnerable prior to version 5.12.0 due to a gadget chain that can bypass the Hessian blacklist used to restrict deserialization of potentially dangerous classes. The vulnerability is rooted in the Hessian-based deserialization that can be manipulated by a gadget cha...
CVE-2023-23636

creationtimestamp| type| source
---|---|---
2023-02-03 07:25:35+00:00| seen| https://t.me/cibsecurity/57442...

CVE-2023-23636
In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the victim...
CVE-2023-23636
CVE-2023-23636 affects Jellyfin 10.8.x (through 10.8.3) where the playlist name is vulnerable to stored XSS, enabling an attacker to exfiltrate access tokens from the victim’s localStorage. The issue is documented across multiple sources (nvd, Red Hat advisory RH, GHSA, osv, cve-list) confirming ...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +80 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.37.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.1.0, =0.1.7 - lunatic-common-api =0.9.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-7F6X-JWH5-M9R4...
abstraps (=0.1.8), aivm (>=0.2.0 <=0.3.0) +287 more potentially affected by CVE-2022-23636 +1 more via cranelift-codegen (>=0.14.0 <=0.84.0)
cranelift-codegen CARGO version =0.14.0, =0.2.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.2.9, =0.1.0, =0.2.0, =0.1.0, =0.1.0, =0.26.1, =0.30.1 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:GHSA-7F6X-JWH5-M9R4...
wasmtime-cli (=0.34.0) potentially affected by CVE-2022-23636 +1 more via wasmtime (=0.34.0)
wasmtime CARGO version =0.34.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmtime and may be impacted: - wasmtime-cli =0.34.0 Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0096...
auto-wasi (=0.1.0), ceres-executor (>=0.1.0 <=0.2.0) +44 more potentially affected by CVE-2022-23636 +1 more via wasmtime (>=0.10.0 <=0.33.0)
wasmtime CARGO version =0.10.0, =0.1.0, =0.40.1, =0.45.0, =0.1.0, =0.1.0, =0.3.3, =0.1.0, =0.8.0, =0.8.0, =0.9.0 - smoldot =0.2.0 and more Source cves: CVE-2022-23636, CVE-2022-31169 Source advisory: OSV:RUSTSEC-2022-0096...