48 matches found
CVE-2026-32687
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in elixir-ecto postgrex 'Elixir.Postgrex.Notifications' module allows SQL Injection. The channel argument passed to 'Elixir.Postgrex.Notifications':listen/3 and...
CVE-2026-33685
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the plugin/ADServer/reports.json.php endpoint performs no authentication or authorization checks, allowing any unauthenticated attacker to extract ad campaign analytics data including video titles, user channel...
CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
EUVD-2026-5640
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050 Zulip affected by Stored XSS in user profile modal
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050 Zulip affected by Stored XSS in user profile modal
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050 Zulip affected by Stored XSS in user profile modal
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
CVE-2026-24050
Zulip is an open-source team collaboration tool. From 5.0 to before 11.5, some administrative actions on the user profile were susceptible to stored XSS in group names or channel names. Exploiting these vulnerabilities required the user explicitly interacting with the problematic object. This...
PT-2026-6771
Name of the Vulnerable Software and Affected Versions Zulip versions 5.0 through 11.4 Description Zulip, an open-source team collaboration tool, had a stored cross-site scripting XSS issue in group names or channel names due to certain administrative actions on the user profile. Exploitation...
Zulip 跨站脚本漏洞
Zulip is a powerful open-source chat application developed by the American company Zulip Corporation. It combines the immediacy of real-time conversations with the productivity benefits of threaded dialogue. Versions of Zulip from 5.0 to 11.5 had a cross-site scripting vulnerability. This...
EUVD-2024-2970
Malicious code in bioql PyPI...
EUVD-2024-45830
Malicious code in bioql PyPI...
DEBIAN-CVE-2023-53400
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...
CVE-2023-53400
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...
CVE-2023-53400
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...
CVE-2023-53400 ALSA: hda: Fix Oops by 9.1 surround channel names
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix Oops by 9.1 surround channel names getlineoutpfx may trigger an Oops by overflowing the static array with more than 8 channels. This was reported for MacBookPro 12,1 with Cirrus codec. As a workaround, extend for t...
CVE-2023-53400
CVE-2023-53400 : In the Linux kernel, ALSA: hda: Fix Oops by 9.1 surround channel names. The root cause is get_line_out_pfx() overflowing a static array when more than 8 channels are present (reported on MacBookPro 12,1 with Cirrus codec). The fix extends the code paths to accommodate 9.1 channel...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not properly handling 9.1 surround channel names, which could lead to an array overflow...
Exposure of Sensitive Information Through Metadata
Overview github.com/mattermost/mattermost-plugin-playbooks/server/app is a package for reliable and repeatable processes using checklists, automation, and retrospectives Affected versions of this package are vulnerable to Exposure of Sensitive Information Through Metadata through improper...