CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

CVE-2026-22680

The vulnerability affects OpenViking prior to version 0.3.3, where the task polling endpoints (/api/v1/tasks and /api/v1/tasks/{task_id}) allow unauthenticated access. Root cause: missing authorization on task polling exposes background task metadata (task type, status, resource identifiers, arch...

PT-2023-24209 · Ntpd-Rs · Ntpd-Rs

Name of the Vulnerable Software and Affected Versions: ntpd-rs versions prior to 0.3.3 Description: ntpd-rs does not validate the length of NTS cookies in received NTP packets to the server. An attacker can crash the server by sending a specially crafted NTP packet containing a cookie shorter tha...

PT-2022-17215 · Fscrypt +1 · Fscrypt +1

Name of the Vulnerable Software and Affected Versions: fscrypt versions prior to 0.3.3 Description: The PAM module for fscrypt does not adequately validate fscrypt metadata files, allowing users to create malicious metadata files that prevent other users from logging in. A local user can cause a...