
38384 matches found

CNNVD
added 2026/05/16 12:0 a.m., 8 views

WordPress plugin theme Wibar cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVSS 6.4 | AI score 5.8 | EPSS 0.00243
Exploits: 0 | References: 1
Positive Technologies
added 2026/05/16 12:0 a.m., 10 views

PT-2026-41434

Internet Download Manager 6.38.12 contains a buffer overflow vulnerability in the Scheduler component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data exceeding 5000 bytes into the 'Open the following file when done' field to...

CVSS 6.9 | AI score 6 | EPSS 0.00147
Exploits: 0 | References: 5
CVE
added 2026/05/15 9:42 p.m., 26 views

CVE-2026-45665

Open WebUI contains a Stored XSS in the Banner component due to incorrect sanitization order (DOMPurify before marked.parse). The vulnerability allows a compromised administrator to store a payload in the global banner that is rendered for all users, including the Super Admin, enabling privilege ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00322
Exploits: 1 | References: 1 | Affected Software: 1
EUVD
added 2026/05/15 9:42 p.m., 16 views

EUVD-2026-30664

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order: specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00322
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/15 9:42 p.m., 5 views

CVE-2026-45665

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order: specifically, DOMPurify is executed before the marked library. Th...

CVSS 8.1 | AI score 5.8 | EPSS 0.00322
Exploits: 1 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/05/15 6:36 p.m., 9 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

CVSS 9.8 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 4
Cvelist
added 2026/05/15 6:36 p.m., 31 views

CVE-2021-47965 WordPress Plugin WP Super Edit 2.5.4 Unrestricted File Upload

WordPress Plugin WP Super Edit 2.5.4 and earlier contains an unrestricted file upload vulnerability in the FCKeditor component that allows attackers to upload dangerous file types without validation. Attackers can upload arbitrary files through the filemanager upload endpoint to achieve remote co...

CVSS 9.8 | EPSS 0.00576
Exploits: 0 | References: 4
OSV
added 2026/05/15 5:16 p.m., 4 views

DEBIAN-CVE-2026-44699

LibJWT is a C JSON Web Token Library. From 3.0.0 to 3.3.2, libjwt accepts an RSA JWK that does not contain an alg parameter as the verification key for an HS256/HS384/HS512 token. In the OpenSSL backend, this causes HMAC verification to run with a zero-length key, so an attacker can forge a valid...

CVSS 9.1 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 1
OSV
added 2026/05/15 2:3 p.m., 6 views

OESA-2026-2350 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability.

CVSS 9.8 | AI score 6 | EPSS 0.00437
Exploits: 0 | References: 4
NCSC
added 2026/05/15 8:43 a.m., 17 views

Vulnerabilities managed in Ivanti Endpoint Manager

Ivanti has addressed several vulnerabilities in Ivanti Endpoint Manager, specifically in the core server, the agent, and the web console components. These vulnerabilities concern various aspects of Ivanti Endpoint Manager. First, a remotely authenticated attacker can exploit a vulnerable method t...

CVSS 8.8 | AI score 6.3 | EPSS 0.00865
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/15 8:2 a.m., 8 views

CVE-2026-8586

An inappropriate implementation flaw was found in the Chromoting component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=499154022...

CVSS 5.5 | AI score 5.7 | EPSS 0.00103
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 4 views

CVE-2026-8587

A use-after-free flaw was found in the Extensions component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=507356235...

CVSS 9.6 | AI score 5.7 | EPSS 0.00175
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 5 views

CVE-2026-8582

An object lifecycle issue flaw was found in the Dawn component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497594413...

CVSS 5.3 | AI score 5.7 | EPSS 0.0019
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 5 views

CVE-2026-8580

A use-after-free flaw was found in the Mojo component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496639647...

CVSS 9.6 | AI score 5.7 | EPSS 0.00211
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 6 views

CVE-2026-8578

An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=496395450...

CVSS 5.8 | AI score 5.7 | EPSS 0.00156
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 7 views

CVE-2026-8571

An insufficient policy enforcement flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=491422244...

CVSS 8.7 | AI score 5.7 | EPSS 0.00214
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 6 views

CVE-2026-8569

An out of bounds write flaw was found in the Codecs component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=490229299...

CVSS 9.6 | AI score 5.7 | EPSS 0.00246
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 6 views

CVE-2026-8565

An inappropriate implementation flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=442860473...

CVSS 4.7 | AI score 5.7 | EPSS 0.00134
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:2 a.m., 6 views

CVE-2026-8564

An incorrect security UI flaw was found in the Downloads component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=418273622...

CVSS 5.4 | AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/15 8:1 a.m., 5 views

CVE-2026-8562

A side-channel information leakage flaw was found in the Navigation component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=40057534...

CVSS 7.4 | AI score 5.7 | EPSS 0.00187
Exploits: 0 | References: 5