32 matches found
PYSEC-2026-116
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...
CVE-2025-61781 GraphQL IDOR allows authenticated user to delete workspace content of other users
OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.8.1, the GraphQL mutation "WorkspacePopoverDeletionMutation" allows users to delete workspace-related objects such as dashboards and investigation cases. However, the mutation...
Unraid < 6.8.1 Multiple Vulnerabilities
The remote host is running a version of Unraid prior to 6.8.1. It is, therefore, affected by multiple vulnerabilities: - Unraid through 6.8.0 allows Remote Code Execution. CVE-2020-5847 - Unraid 6.8.0 allows authentication bypass. CVE-2020-5849 Note that Nessus has not tested for this issue but...
EUVD-2024-51992
Malicious code in bioql PyPI...
EUVD-2023-35974
Malicious code in bioql PyPI...
WordPress Coupon Affiliates Plugin <= 6.8.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Legion Hunter in WordPress Plugin Coupon Affiliates versions <= 6.8.0...
Linux Distros Unpatched Vulnerability : CVE-2024-29203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content insertion code. This allowed iframe...
CVE-2025-53256
CVE-2025-53256 describes an SQL Injection vulnerability in the WordPress plugin YaySMTP (YayCommerce) stemming from improper neutralization of SQL elements. Public references indicate the issue affects YaySMTP up to version 2.6.5 (and Patchstack lists a later patched release, e.g., 2.6.6, as addr...
Qt Link Following Vulnerability
Qt is an open source, cross-platform application development framework. A link following vulnerability exists in Qt versions 5.15.18 and earlier, 6.0.0 through 6.5.8, and 6.6.0 through 6.8.1, which stems from improper link resolution and can lead to symbolic link attacks and the use of...
Taiga Security Vulnerability
Taiga is a free open source project management tool from Taiga Open Source. A security vulnerability exists in Taiga version v6.8.1, which stems from the inclusion of a CSV injection issue that could lead to arbitrary code execution...
PT-2024-35776 · Taiga · Taiga
Name of the Vulnerable Software and Affected Versions: Taiga version 6.8.1 Description: The issue allows attackers to redirect users to arbitrary websites by appending a crafted link to the /login?next= parameter in the login page URL. This can potentially lead to unauthorized access...
OPENSUSE-SU-2024:13785-1 kernel-devel-6.8.1-1.1 on GA media
These are all security issues fixed in the kernel-devel-6.8.1-1.1 package on the GA media of openSUSE Tumbleweed...
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. Fix TinyMCE 6.8.1 introduced a new convert_unsafe_embeds opti...
GHSA-5359-PVF2-PW78 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. Fix TinyMCE 6.8.1 introduced a new convert_unsafe_embeds opti...
CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...
UBUNTU-CVE-2024-29881
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. This vulnerability is...
CVE-2024-29881
TinyMCE is affected by an XSS vulnerability (CVE-2024-29881) in its handling of external SVG content loaded via object/embed during content loading/insertion. The root cause is improper validation of user-supplied input via SVGs, allowing a payload to execute in the context of the hosting site. T...
CVE-2024-29881 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an object or embed element and that image could potentially contain an XSS payload. This vulnerability is...
CVE-2024-29881
Removed by vendor...
CVE-2024-29203 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed iframe elements containing malicious code to execute when inserted into the editor. These iframe elements are restricted in their permissions by...