Astra Linux - уязвимость в twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting XSS attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

PT-2026-36922

Name of the Vulnerable Software and Affected Versions Nginx UI version 2.3.5 Description Nginx UI, a web user interface for the Nginx web server, contains a flaw allowing an unauthenticated bootstrap takeover. This occurs during the initial installation window via the 'POST /api/install' endpoint...

CVE-2026-40044 Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

MiracleLinux 8 : pki-deps:10.6 (AXSA:2021-1599:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1599:01 advisory. jquery: Cross-site scripting via cross-domain ajax requests CVE-2015-9251 bootstrap: XSS in the data-target attribute CVE-2016-10735 bootstrap:...

CVE-2023-31442

In Lightbend Akka before 2.8.1, the async-dns resolver used by Discovery in DNS mode and transitively by Cluster Bootstrap uses predictable DNS transaction IDs when resolving DNS records, making DNS resolution subject to poisoning by an attacker. If the application performing discovery does not...

CVE-2022-26624

Bootstrap v3.1.11 and v3.3.7 was discovered to contain a cross-site scripting XSS vulnerability via the Title parameter in /vendor/views/addproduct.php...

EUVD-2019-0170

Malware in sbrugna...

EUVD-2019-4819

Malware in sbrugna...

EUVD-2018-0462

Malware in sbrugna...

EUVD-2019-2230

Malware in sbrugna...

EUVD-2024-47621

Malicious code in bioql PyPI...

EUVD-2019-0192

Malicious code in bioql PyPI...

EUVD-2022-31178

Malicious code in bioql PyPI...

EUVD-2024-2420

Malicious code in bioql PyPI...

EUVD-2025-15170

Malicious code in bioql PyPI...

EUVD-2025-4218

Malicious code in bioql PyPI...

Medium: pki-core

Issue Overview: Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Bootstrap allows Cross-Site Scripting XSS.This issue affects Bootstrap: from 3.4.1 before 4.0.0. CVE-2025-1647 Affected Packages: pki-core Note: This advisory is applicable t...

Bootstrap 4.x <= 4.6.2 Cross-Site Scripting

According to its self-reported version number, Bootstrap is 4.x prior 4.6.2 . Therefore, it may be affected by a Cross-Site Scripting XSS vulnerability within the Carousel component. Note that the scanner has not tested for these issues but has instead relied only on the application's self-report...

CVE-2024-6547

The Add Admin CSS plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin utilizing bootstrap and leaving test files with displayerrors on. This makes it possible for unauthenticated attackers to retrieve the full path of t...

01.webpack-study (=1.0.0), 0226 (=1.0.0) +3326 more potentially affected by CVE-2025-1647 via bootstrap (>=3.1.1 <=3.4.1)

bootstrap NPM version =3.1.1, =0.1.0, =4.13.7-rc4, =3.0.1, =3.0.4, =0.0.0-ad-beta.1, =0.0.0-aj-alpha.9, =0.0.2, =0.3.6, =0.4.35 and more Source cves: CVE-2025-1647 Source advisory: OSV:GHSA-Q58R-HWC8-RM9J...