
53 matches found

Tenable Nessus
added 2026/05/18 12:0 a.m., 17 views

Alibaba Cloud Linux 3 : 0113: python3 (ALINUX3-SA-2026:0113)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0113 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-4786: Mitigation of CVE-2026-4519 w...

9.1 CVSS, 7 AI score, 0.00164 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2026/04/27 12:0 a.m., 1 view

RHEL 8 : python3.11 (RHSA-2026:11062)

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:11062 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1 CVSS, 6.3 AI score, 0.00164 EPSS
Exploits: 0, References: 6
Tenable Nessus
added 2026/04/27 12:0 a.m., 1 view

RHEL 9 : python3.9 (RHSA-2026:10949)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10949 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

9.1 CVSS, 6.3 AI score, 0.00164 EPSS
Exploits: 0, References: 6
OSV
added 2026/04/16 9:16 a.m., 2 views

SUSE-SU-2026:1385-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. - CVE-2026-3479: improper resource argument validation can allow path traversal bsc1259989. - CVE-2026-3644: incomplete control...

7 CVSS, 5.8 AI score, 0.00061 EPSS
Exploits: 0, References: 11
SUSE Linux
added 2026/04/15 12:4 p.m., 3 views

Security update for python36

This update for python36 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined bsc1259611. CVE-2026-3479: python: improper resource argument validation can allow path traversal bsc1259989. CVE-2026-3644: incomplete contro...

8.2 CVSS, 5.9 AI score, 0.00061 EPSS
Exploits: 0, References: 20
ATTACKERKB
added 2026/04/01 8:34 p.m., 0 views

CVE-2026-4364

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows certificate listings retrieved via a browser session to return a...

5.4 CVSS, 5.7 AI score, 0.00018 EPSS
Exploits: 0, References: 2, Affected Software: 4
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-0791

Malicious code in bioql PyPI...

6.1 CVSS, 6.6 AI score, 0.02552 EPSS
Exploits: 0, References: 9
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-41183

Malicious code in bioql PyPI...

6.3 CVSS, 5.8 AI score, 0.00298 EPSS
Exploits: 0, References: 2
CNVD
added 2025/09/09 12:0 a.m., 1 view

Cisco Integrated Management Controller Cross-Site Scripting Vulnerability

Cisco Integrated Management Controller (IMC) is a set of software used by Cisco to manage UCS (Unified Computing System), which supports HTTP, SSH access, etc., and allows operations such as powering up, shutting down and restarting the server. A cross-site scripting vulnerability exists in Cisco...

5.4 CVSS, 5.9 AI score, 0.00044 EPSS
Exploits: 0, References: 1
CNNVD
added 2024/05/31 12:0 a.m., 3 views

Ivanti Connect Secure Security Vulnerability

Ivanti Connect Secure is a secure remote network connection tool from Ivanti Corporation, USA. A security vulnerability exists in Ivanti Connect Secure 9.x, 22.x and prior versions that originated from a cross-site scripting attack by allowing an authenticated, highly privileged user to inject...

8.2 CVSS, 6.3 AI score, 0.00583 EPSS
Exploits: 0, References: 3
Cvelist
added 2024/02/27 12:0 a.m., 12 views

CVE-2024-26471

A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php...

5.6 AI score, 0.0021 EPSS
Exploits: 0, References: 2
Veracode
added 2023/11/01 11:36 a.m., 17 views

Cross-Site Scripting (XSS)

pimcore is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to the processDocument function, which lacks checks for whether a PDF document contains JavaScript code. This allows an attacker to inject malicious scripts into the browser...

5.4 CVSS, 6.5 AI score, 0.00004 EPSS
Exploits: 1, References: 2, Affected Software: 1
NVD
added 2023/08/25 2:15 p.m., 8 views

CVE-2023-41167

@webiny/react-rich-text-renderer before 5.37.2 allows XSS attacks by content managers. This is a react component to render data coming from Webiny Headless CMS and Webiny Form Builder. Webiny is an open-source serverless enterprise CMS. The @webiny/react-rich-text-renderer package depends on the...

4.8 CVSS, 4.8 AI score, 0.00333 EPSS
Exploits: 0, References: 2
Veracode
added 2023/06/20 10:10 a.m., 18 views

Cross-Site Scripting (XSS)

craftcms/cms is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to a lack of sanitization in field names, which allows an attacker to inject and execute arbitrary JavaScript into the browser...

5.4 CVSS, 6.5 AI score, 0.00337 EPSS
Exploits: 0, References: 3, Affected Software: 1
GitHub Security Blog
added 2023/06/16 7:35 p.m., 38 views

Grav Server Side Template Injection (SSTI) vulnerability

Summary: I found an RCE (Remote Code Execution) by SSTI in the admin screen. Details: Remote Code Execution is possible by embedding malicious PHP code on the administrator screen by a user with page editing privileges. PoC: 1. Log in to the administrator screen and access the edit screen of the defaul...

9.9 CVSS, 7.6 AI score, 0.02554 EPSS
Exploits: 1, References: 8, Affected Software: 1
Veracode
added 2022/04/06 9:30 a.m., 25 views

Cross-site Scripting (XSS)

wwbn/avideo is vulnerable to cross-site scripting. The getDeviceID method does not properly handle the $device parameter, allowing an attacker to inject malicious script into the victim's browser via yptDevice to view/include/head.php...

6.1 CVSS, 2.8 AI score, 0.0024 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2022/03/11 6:15 p.m., 0 views

CVE-2021-32009

Cross-site Scripting (XSS) vulnerability in the firmware section of Secomea GateManager allows a logged-in user to inject JavaScript in the browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions...

6.1 CVSS, 5.8 AI score, 0.00317 EPSS
Exploits: 0, References: 1
Veracode
added 2022/02/03 4:51 a.m., 18 views

Cross-site Scripting (XSS)

erxes is vulnerable to cross-site scripting. The vulnerability exists due to a lack of validation of the template tag, allowing an attacker to inject maliciously crafted script via the browser...

9.6 CVSS, 3.1 AI score, 0.84524 EPSS
Exploits: 1, References: 4, Affected Software: 1
CNNVD
added 2021/07/07 12:0 a.m., 3 views

Teradici PCoIP Management Console Cross-Site Scripting Vulnerability

Teradici PCoIP Management Console is a console application for managing PCoIP clients from Teradici Canada. A cross-site scripting vulnerability exists in Teradici PCoIP Management Console Enterprise, which could be exploited by an attacker to inject arbitrary text into a user's browser via a Web...

6.1 CVSS, 5.4 AI score, 0.00533 EPSS
Exploits: 1, References: 3
NVD
added 2021/01/11 3:15 a.m., 11 views

CVE-2020-35725

Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

6.1 CVSS, 6.1 AI score, 0.00375 EPSS
Exploits: 1, References: 2