28 matches found

GithubExploit
added 2026/04/11 7:15 p.m., 87 views

Exploit for Cross-site Scripting in Pw Omega-Psir

CVE-2026-1434: Omega-PSIR is vulnerable to Reflected XSS via t...

6.1 CVSS, 6 AI score, 0.00039 EPSS
Exploits: 2

CVE
added 2026/02/27 10:32 a.m., 8 views

CVE-2026-1434

Omega-PSIR is affected by a Reflected XSS vulnerability in the lang parameter. An attacker can craft a malicious URL that, when opened by a user, causes arbitrary JavaScript to execute in the victim’s browser. The issue has a fixed version: 4.6.7. The CVSS data indicates Network attack vector, lo...

6.1 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits: 2, References: 2, Affected Software: 1

ATTACKERKB
added 2026/02/27 10:32 a.m., 3 views

CVE-2026-1434

Omega-PSIR is vulnerable to Reflected XSS via the lang parameter. An attacker can craft a malicious URL that, when opened, causes arbitrary JavaScript to execute in the victim’s browser. This issue was fixed in 4.6.7...

6.1 CVSS, 6.1 AI score, 0.00039 EPSS
Exploits: 2, References: 3, Affected Software: 1

Rosalinux
added 2026/01/26 12:37 p.m., 5 views

Advisory ROSA-SA-2026-3125

Software: qbittorrent 4.6.7 OS: ROSA-CHROME unaffected versions = qbittorrent-4.6.7-2 affected versions qbittorrent-4.6.7-2 CVE-ID: CVE-2025-54310 BDU-ID: 2025-11251 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the cross-platform BitTorrent client qBittorrent is related to the lack of validatio...

5.3 CVSS, 5.8 AI score, 0.00194 EPSS
Exploits: 0

NVD
added 2025/12/30 11:16 a.m., 2 views

CVE-2025-69024

Missing Authorization vulnerability in bizswoop BizPrint print-google-cloud-print-gcp-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BizPrint: from n/a through <= 4.6.7...

6.5 CVSS, 0.00032 EPSS
Exploits: 0, References: 1

CVE
added 2025/12/30 10:47 a.m., 7 views

CVE-2025-69024

Technical details for CVE-2025-69024 are not provided in the supplied documents; no product/version, exploitation, or remediation specifics are available here—monitor for official updates.

6.5 CVSS, 6.6 AI score, 0.00032 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2025/12/30 12:0 a.m., 3 views

PT-2025-53905

Name of the Vulnerable Software and Affected Versions bizswoop BizPrint versions through 4.6.7 Description An authorization issue exists within bizswoop BizPrint, allowing exploitation due to incorrectly configured access control security levels. This allows unauthorized access. Recommendations...

6.6 AI score, 0.00032 EPSS
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-6277

Malware in sbrugna...

7.5 CVSS, 6.1 AI score, 0.00527 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2023-49370

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.00077 EPSS
Exploits: 0, References: 1

SUSE CVE
added 2023/10/31 2:34 a.m., 3 views

SUSE CVE-2019-10195

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

6.5 CVSS, 6.5 AI score, 0.00649 EPSS
Exploits: 0, References: 2

Patchstack
added 2023/10/03 12:0 a.m., 10 views

WordPress YouTube Playlist Player Plugin <= 4.6.7 is vulnerable to Cross Site Scripting (XSS)

Software YouTube Playlist Player Type Plugin Vulnerable versions <= 4.6.7 Fixed in 4.6.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-45049 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a841ece82073 Credits yuyudhn Require...

6.5 CVSS, 5.7 AI score, 0.00077 EPSS
Exploits: 0, References: 2, Affected Software: 1

OpenVAS
added 2022/01/28 12:0 a.m., 9 views

Mageia: Security Advisory (MGASA-2017-0326)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

8.1 CVSS, 8.2 AI score, 0.05637 EPSS
Exploits: 0, References: 7

PyPA
added 2019/11/27 8:15 a.m., 4 views

PYSEC-2019-22

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

6.5 CVSS, 6.6 AI score, 0.00649 EPSS
Exploits: 0, References: 8, Affected Software: 1

PyPA
added 2019/11/27 8:15 a.m., 4 views

PYSEC-2019-168

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA's batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with...

6.5 CVSS, 6.6 AI score, 0.00649 EPSS
Exploits: 0, References: 8, Affected Software: 1

OSV
added 2017/09/03 2:31 p.m., 7 views

MGASA-2017-0326 Updated samba packages fix security vulnerability

Jeffrey Altman, Viktor Dukhovni, and Nicolas Williams discovered that Samba clients incorrectly trusted unauthenticated portions of Kerberos tickets. A remote attacker could use this to impersonate trusted network servers or perform other attacks (CVE-2017-11103). The samba package has been updated...

8.1 CVSS, 8.1 AI score, 0.05637 EPSS
Exploits: 0, References: 6

OPENSUSE Linux
added 2017/08/31 3:9 a.m., 79 views

Security update for samba and resource-agents (important)

This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...

6.8 CVSS, 0.7 AI score, 0.05637 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2017/08/31 12:0 a.m., 38 views

openSUSE Security Update : samba and resource-agents (openSUSE-2017-987) (Orpheus' Lyre)

This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...

8.1 CVSS, 7 AI score, 0.05637 EPSS
Exploits: 0, References: 8

OpenVAS
added 2017/08/31 12:0 a.m., 10 views

openSUSE: Security Advisory for samba (openSUSE-SU-2017:2311-1)

The remote host is missing an update for the Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.1 CVSS, 8.3 AI score, 0.05637 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2017/08/23 12:0 a.m., 17 views

SUSE SLED12 / SLES12 Security Update : samba / resource-agents (SUSE-SU-2017:2237-1) (Orpheus' Lyre)

This update provides Samba 4.6.7, which fixes the following issues: - CVE-2017-11103: Metadata were being taken from the unauthenticated plaintext (the Ticket) rather than the authenticated and encrypted KDC response. bsc1048278 - Fix cephwrapchdir. bsc1048790 - Fix ctdb logs to /var/log/log.ctdb...

8.1 CVSS, 7 AI score, 0.05637 EPSS
Exploits: 0, References: 10

Tenable Nessus
added 2016/08/24 12:0 a.m., 42 views

Fedora 24 : kernel (2016-5e24d8c350)

The 4.6.7 update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing...

5.5 CVSS, 6.8 AI score, 0.00096 EPSS
Exploits: 5, References: 2