30 matches found
CVE-2026-41704
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-27 09:58:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mmtao64q3s2p... |
CVE-2026-41704
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (lines 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through formatexcepti...
CVE-2026-41704 Compromised VM can make arbitrary blobstore deletes
AgentClient#handle_method (lines 264-303) processes every NATS reply. It calls inject_compile_log (line 273) on every response, which reads response['value']['result']['compile_log_id'] (lines 332-338) and passes it to download_and_delete_blob. Separately, any response containing 'exception' goes through formatexcepti...
CVE-2026-41704
CVE-2026-41704 affects BOSH Director prior to v282.1.12. The issue arises from AgentClient#handle_method handling NATS responses: it may invoke inject_compile_log and format_exception, and the blobstore resource flow calls ResourceManager#get_resource(blob_id) followed by ResourceManager#delete_r...
EUVD-2025-41704
Malicious code in agus-wajit26-miaww npm...
CVE-2025-41704
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-14 13:40:15+00:00 | seen | https://infosec.exchange/users/certvde/statuses/115372799750920973 |
| 2025-10-17 08:37:13+00:00 | seen | https://bsky.app/profile/blackhatnews.tokyo/post/3m3eulxahcx2d |
| 2025-10-18 07:11:13+00:00 | seen | ... |
CVE-2025-41704
CVE-2025-41704 describes an unauthenticated DoS against the Modbus service by sending a crafted function and sub-function code. Public sources constrain affected products to Phoenix Contact and related QUINT4 modules, with references indicating multiple QUINT4-UPS/24DC/24DC/5/EIP, 10/EIP, and 20/...
Linux Distros Unpatched Vulnerability : CVE-2022-41704
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code from an SVG. This issue affects Apache XML Graphics prior to 1.16...
CVE-2024-41704
| creationtimestamp | type | source |
|---|---|---|
| 2024-07-22 07:46:24+00:00 | seen | https://t.me/cvedetector/1377... |
openSUSE Security Advisory (SUSE-SU-2024:0808-1)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2024-0068)
The remote host is missing an update for the...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : xmlgraphics-batik (SUSE-SU-2024:0808-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0808-1 advisory. - A vulnerability in Batik of Apache XML Graphics allows an attacker to run untrusted Java code...
CVE-2023-41704
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-12 10:21:57+00:00 | seen | https://t.me/ctinow/182999 |
| 2024-03-03 15:22:03+00:00 | seen | https://t.me/ctinow/198782... |
CVE-2023-41704
Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved...
CVE-2023-41704
Processing of CID references in E-Mail can be abused to inject malicious script code that passes the sanitization engine. Malicious script code could be injected to a user's sessions when interacting with E-Mails. Please deploy the provided updates and patch releases. CID handling has been improved...
CVE-2023-41704
CVE-2023-41704 affects the Open-Xchange App Suite (email client) where processing of CID references in email messages can be abused to inject malicious script that bypasses the sanitization engine. This could enable script execution in a user’s session when interacting with emails. The advisory r...
GLSA-202401-11 : Apache Batik: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202401-11 Apache Batik: Multiple Vulnerabilities - In Apache Batik 1.x before 1.10, when deserializing a subclass of AbstractDocument, the class takes a string from the inputStream as the class name, which it then uses to call the...
Ubuntu: Security Advisory (USN-6117-1)
The remote host is missing an update for the...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : Apache Batik vulnerabilities (USN-6117-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6117-1 advisory. It was discovered that Apache Batik incorrectly handled certain inputs. An attacker could possibly use this to perfor...
Amazon Linux 2 : batik (ALAS-2023-1966)
The version of batik installed on the remote host is prior to 1.8-0.12.svn1230816. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1966 advisory. Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the...