Zimbra - Cross-Site Scripting via ICS Files
Detects Zimbra Collaboration Suite versions vulnerable to CVE-2025-27915, a stored XSS vulnerability in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an email with a malicious ICS entry, embedded JavaScript executes via an ontoggle event...
openSIS Classic v9.1 - SQL Injection
SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $usernamestnid parameter, which can be manipulated by an attacker to inject arbitrary SQL commands. id: CVE-2024-51211...
Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 (KB5002863)
Description of the security update for SharePoint Server Subscription Edition: May 12, 2026 KB5002863 Summary Important: If you're currently running SharePoint Workflow Manager, you must install SharePoint Workflow Manager KB5002799 to your farm before you install this cumulative update. If you'r...
Improper Input Validation
com.ibeetl:beetl-spring-classic is vulnerable to Improper Input Validation. The vulnerability is due to improper neutralization of special elements in expression language statements within the SpELFunction component, which allows an attacker to inject and execute malicious expressions remotely...
ROOT-APP-MAVEN-CVE-2023-6378 CVE-2023-6378 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2023-6378 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
Security Bulletin: glibc vulnerability
Summary Prior versions of Classic Remote Capture may include this vulnerability. Vulnerability Details CVEID: CVE-2025-15281 DESCRIPTION: Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized...
Security Bulletin: curl vulnerability
Summary Prior versions of Classic Remote Capture may include this curl vulnerability. Vulnerability Details CVEID:CVE-2025-9086 DESCRIPTION: 1. A cookie is set using the secure keyword for https://target 2. curl is redirected to or otherwise made to speak with http://target same hostname, but...
Exploit for Improper Input Validation in Apache Activemq
CVE-2026-34197 ActiveMQ Classic Security Detection Tool This...
GHSA-FMMW-44RP-JCFP Beetl's SpELFunction extension function has an expression injection risk
A vulnerability was identified in xiandafu beetl up to 3.20.2. Affected is an unknown function of the file beetl-classic-integration/beetl-spring-classic/src/main/java/org/beetl/ext/spring/SpELFunction.java of the component SpELFunction. The manipulation leads to improper neutralization of specia...
CVE-2026-8759
Technical details are not publicly available in the provided documents; no affected versions, vectors, or fixes are specified beyond the description. Monitor for updates.
bleak
BLEAK — Bluetooth Link Exploitation & Attack Knowledgebase...
ROOT-APP-MAVEN-CVE-2017-5929 CVE-2017-5929 in io.root.ch.qos.logback:logback-classic - Patched by Root
Root has patched CVE-2017-5929 in the io.root.ch.qos.logback:logback-classic package for Root:Maven. Multiple fixed versions available...
agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) +24 more potentially affected by CVE-2026-45134 via langchain-classic (>=1.0.0 <=1.0.4)
langchain-classic PYPI version =1.0.0, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.1.0, =0.1.0, =0.4.0, =0.8.0, =1.10.5, =0.4.0.dev7, =0.0.1, =0.1.2 and more Source cves: CVE-2026-45134 Source advisory: SNYK:PYTHON-LANGCHAINCLASSIC-16658750...
Deserialization of Untrusted Data
Overview langchain-classic is a package for building applications with LLMs through composability. Affected versions of this package are vulnerable to Deserialization of Untrusted Data when fetching and processing prompt manifests from external sources. An attacker can execute arbitrary code or manipulate...
agent-nexus-cli (>=0.1.0 <=0.1.31), agentiva (>=0.1.0 <=0.1.5) +24 more potentially affected by CVE-2026-45134 via langchain-classic (>=1.0.0 <=1.0.4)
langchain-classic PYPI version =1.0.0, =0.1.0, =0.1.0, =0.1.0, =3.0.3, =0.1.0, =0.1.0, =0.4.0, =0.8.0, =1.10.5, =0.4.0.dev7, =0.0.1, =0.1.2 and more Source cves: CVE-2026-45134 Source advisory: OSV:GHSA-3644-Q5CJ-C5C7...
BIT-MONGODB-2026-4148 ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators
A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline...
Astra Linux - vulnerability in linux-6.1, linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs A malicious BPF program may manipulate the branch history to influence what the hardware speculates will happen next. On exit from a BPF program, emit the BHB...
CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic
The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...
WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets code injection vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...
SQLInjection
Educational Project: SQL Injection Vulnerabilities This repo...