
2332 matches found

CNNVD
added 2026/05/28 12:0 a.m. | 5 views

Kuma security vulnerability

Kuma is a modern service mesh developed by Kuma OpenSource, based on Envoy. It can be run on Kubernetes and VMs, with single- or multi-zone capabilities, across various clouds. There were security vulnerabilities in versions of Kuma before 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5. These...

5.1 CVSS | 5.8 AI score | 0.00028 EPSS
Exploits: 0 | References: 8
OSV
added 2026/05/26 11:10 p.m. | 4 views

GHSA-VV9J-GJW2-J8WP yeoman-environment Vulnerable to Arbitrary Package Installation without User Confirmation

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

8.6 CVSS | 6.3 AI score
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/26 12:0 a.m. | 9 views

PT-2026-43442

Impact yeoman-environment versions = 2.9.0 and 6.0.1 install missing local generator packages from caller-supplied package names without user confirmation. In downstream consumers that pass attacker-controlled project configuration into this path, this can result in arbitrary package installation...

8.6 CVSS | 6.3 AI score
Exploits: 0 | References: 5
CNNVD
added 2026/05/25 12:0 a.m. | 6 views

SB Admin SQL injection vulnerability

SB Admin is a Bootstrap-based open source admin backend template by individual developer Yash Pokharna. SB Admin suffers from a SQL injection vulnerability that stems from the handling of the parameter User in the file /success.php, which could lead to SQL injection...

7.5 CVSS | 7.2 AI score | 0.00039 EPSS
Exploits: 0 | References: 5
OSSF Malicious Packages
added 2026/05/21 3:48 a.m. | 8 views

Malicious code in @atlisp/mcp (npm)

Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

6.3 AI score
Exploits: 0 | References: 1
OSV
added 2026/05/21 3:48 a.m. | 6 views

MAL-2026-4365 Malicious code in @atlisp/mcp (npm)

Source: amazon-inspector c5f4a9667f0a13220de9b838fde4fc16bd5aaa7f79d91f1122725e4799582515 The package's MCP server auto-injects a LISP bootstrap into every CAD command sent through cadSend/cadSendWithResult, plus connectcad's initAtlisp an...

6.3 AI score
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 3 views

Astra Linux - vulnerability in twitter-bootstrap3

A security vulnerability has been discovered in Bootstrap that could enable Cross-Site Scripting (XSS) attacks. The vulnerability is related to the “data-loading-text” attribute within the button plugin. This vulnerability can be exploited by injecting malicious JavaScript code into this attribute,...

6.4 CVSS | 6.6 AI score | 0.00135 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 6 views

Astra Linux - vulnerability in twitter-bootstrap3

Improper neutralization of input during web page generation (XSS or “cross-site scripting”) vulnerability in Bootstrap allows cross-site scripting. This issue affects Bootstrap: from version 3.4.1 to 4.0.0...

5.6 CVSS | 5.8 AI score | 0.00247 EPSS
Exploits: 0 | References: 1
AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in postgresql-11

In the extension script, a SQL injection vulnerability was detected in PostgreSQL when the symbols @extowner@, @extschema@, or @extschema:...@ were used within quotation marks (either dollar quotes, '', or other forms of quotation marks). If an administrator has installed files from a vulnerable,...

8.8 CVSS | 7.8 AI score | 0.00665 EPSS
Exploits: 0 | References: 2
Fedora
added 2026/05/20 1:1 a.m. | 9 views

[SECURITY] Fedora 43 Update: dnsmasq-2.92rel2-2.fc43

Dnsmasq is a lightweight, easy-to-configure DNS forwarder and DHCP server. It is designed to provide DNS and, optionally, DHCP, to a small network. It can serve the names of local machines which are not in the global DNS. The DHCP server integrates with the DNS server and allows machines with...

8.4 CVSS | 5.8 AI score | 0.0024 EPSS
Exploits: 4
OSV
added 2026/05/20 12:44 a.m. | 4 views

MAL-2026-4407 Malicious code in @mcpassure/mcp-cnes (npm)

Source: amazon-inspector 243d5ff1424c2d147ee05781c1889b007eb30e22a190bf6dc3973b676ea697a7 dist/bootstrap.js performs a fetch against https://pub-046c52795b9445cd9f5cc5cb21b9d59f.r2.dev, an anonymous Cloudflare R2 bucket with no publisher...

5.9 AI score
Exploits: 0 | References: 11
Amazon
added 2026/05/15 12:0 a.m. | 8 views

Low: aws-cfn-bootstrap

Issue Overview: No CVE associated with this advisory. Affected Packages: aws-cfn-bootstrap. Issue Correction: Run dnf update aws-cfn-bootstrap --releasever 2023.11.20260514 or dnf update --advisory ALAS2023-2026-1662 --releasever 2023.11.20260514 to update your system. More information on how to...

8.8 CVSS | 6.8 AI score | 0.02889 EPSS
Exploits: 7
RedhatCVE
added 2026/05/13 2:21 p.m. | 4 views

CVE-2026-7661

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 6 AI score | 0.00032 EPSS
Exploits: 0 | References: 1
Wolfi
added 2026/05/13 7:48 a.m. | 11 views

GHSA-VMWF-M9C5-3JVC vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

5.8 AI score
Exploits: 0
Wolfi
added 2026/05/13 7:48 a.m. | 10 views

CVE-2026-32178 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.5 CVSS | 6.2 AI score | 0.00057 EPSS
Exploits: 0
Chainguard
added 2026/05/13 7:17 a.m. | 7 views

GHSA-VMWF-M9C5-3JVC vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

5.8 AI score
Exploits: 0
Chainguard
added 2026/05/13 7:17 a.m. | 6 views

CVE-2026-32178 vulnerabilities

Vulnerabilities for packages: dotnet-bootstrap...

7.5 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 0
EUVD
added 2026/05/12 9:31 a.m. | 5 views

EUVD-2026-29421

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 6 AI score | 0.00032 EPSS
Exploits: 0 | References: 4
NVD
added 2026/05/12 9:16 a.m. | 6 views

CVE-2026-7661

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 0.00032 EPSS
Exploits: 0 | References: 3
Cvelist
added 2026/05/12 7:48 a.m. | 33 views

CVE-2026-7661 Bootstrap Shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'box' Shortcode

The Bootstrap Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the box shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4 CVSS | 0.00032 EPSS
Exploits: 0 | References: 3