CVE-2026-56323

Capgo before 12.128.2 contains an information disclosure vulnerability in the /functions/v1/channelself endpoint that allows unauthenticated attackers to enumerate non-public channel names and determine app existence and subscription status. Remote attackers can send GET requests with arbitrary...

PT-2026-51411

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the '/functions/v1/channel self' endpoint. Unauthenticated remote attackers can send GET requests using arbitrary app id parameters to enumerate non-public...

CVE-2026-32687

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...

CVE-2026-33685

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...

CVE-2026-24050

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

CVE-2026-24050

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

CVE-2026-24050 Zulip affected by Stored XSS in user profile modal

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

CVE-2026-24050

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

CVE-2026-24050 Zulip affected by Stored XSS in user profile modal

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

EUVD-2026-5640

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

CVE-2026-24050 Zulip affected by Stored XSS in user profile modal

Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...

PT-2026-6771

Name of the Vulnerable Software and Affected Versions Zulip versions 5.0 through 11.4 Description Zulip, an open-source team collaboration tool, had a stored cross-site scripting XSS issue in group names or channel names due to certain administrative actions on the user profile. Exploitation...

Zulip 跨站脚本漏洞

Zulip is a powerful open-source chat application developed by the American company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 5.0 to 11.5 had a cross-site scripting vulnerability. This...

EUVD-2024-45830

Malicious code in bioql PyPI...

EUVD-2024-2970

Malicious code in bioql PyPI...

CVE-2023-53400

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...

DEBIAN-CVE-2023-53400

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...

CVE-2023-53400 ALSA: hda: Fix Oops by 9.1 surround channel names

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...

CVE-2023-53400

CVE-2023-53400 : In the Linux kernel, ALSA: hda: Fix Oops by 9.1 surround channel names. The root cause is get_line_out_pfx() overflowing a static array when more than 8 channels are present (reported on MacBookPro 12,1 with Cirrus codec). The fix extends the code paths to accommodate 9.1 channel...

CVE-2023-53400

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...