CVE-2026-32696

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

CVE-2026-32696 NanoMQ HTTP Auth: Missing username/password can trigger a NULL-pointer strlen() in auth_http.c:set_data(), causing a process crash — SIGSEGV, remotely triggerable

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In NanoMQ version 0.24.6, after enabling auth.httpauth HTTP authentication, when a client connects to the broker using MQTT CONNECT without providing username/password, and the configuration params uses the placeholders %u / %P...

EUVD-2025-32696

Malicious code in solarpeng125 npm...

CVE-2024-32696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...

CVE-2023-32696

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

CVE-2021-32696

The npm package "striptags" is an implementation of PHP's striptags in Typescript. In striptags before version 3.2.0, a type-confusion vulnerability can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be abused by an attack...

MediaWiki < 1.39.12, 1.40.x < 1.42.6, 1.43.x < 1.43.1 Multiple Vulnerabilities - Linux

MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...

CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

CVE-2025-32696

Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1...

CVE-2025-32696

CVE-2025-32696 (MediaWiki) is an improper preservation of permissions issue tied to RevertAction and ApiFileRevert, enabling bypass of the "reupload-own" restriction. Affected: MediaWiki before 1.39.12, 1.42.6, 1.43.1; root cause per Debian advisory involves bypass via reverting files. Remediatio...

CVE-2024-32696

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...

CVE-2024-32696 WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...

CVE-2024-32696 WordPress AI Infographic Maker OpenAI plugin <= 4.6.6 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in QuantumCloud Infographic Maker – iList allows Stored XSS.This issue affects Infographic Maker – iList: from n/a through 4.6.6...

CVE-2024-32696

CVE-2024-32696 affects AI Infographic Maker (Infographic and List Builder iList). It is an authenticated Stored XSS due to improper input neutralization during web page generation. Affected versions shown as ≤ 4.6.6 in the initial document; connected document indicates a fix was released in 4.6.7...

WordPress Infographic Maker – iList Plugin <= 4.6.6 is vulnerable to Cross Site Scripting (XSS)

Software Infographic Maker – iList Type Plugin Vulnerable versions = 4.6.6 Fixed in 4.6.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-32696 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID baa0cb27dbc1 Credits Khalid Yusuf Required...

CVE-2023-32696 Excessive permissions for ckan user

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

CVE-2023-32696

CVE-2023-32696 affects CKAN where, prior to versions 2.9.9 and 2.10.1, the ckan user (www-data) owned code/files inside the Docker container and could use sudo. This permission set could enable code execution or privilege escalation if an arbitrary file write bug existed. The vulnerability has pa...

CVE-2023-32696 Excessive permissions for ckan user

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...