CVE-2026-54230

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

CVE-2026-54230

CVE-2026-54230 describes a symlink-following vulnerability in ABRT’s libreport post-create event handler scripts. The scripts write output via shell redirections without O_NOFOLLOW, so if a target file is replaced with a symlink, a root process can overwrite arbitrary files on the system. This is...

PT-2026-49076

Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A content injection issue exists in the ABRT post-create event handler scripts within libreport. The event script retrieves log entries from the systemd journal for crashed processes and...

CVE-2026-33128

H3 is a minimal HTTP framework. In versions prior to 1.15.6 and between 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events SSE injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of...

CVE-2019-25316

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...

CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...

PT-2026-7610

GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...

CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancelworksync will prevent the work from running which also prevents destroying the...

CVE-2025-71084

CVE-2025-71084 (Linux kernel) fixes a leak in the multicast GID table reference within RDMA/cm. If the CM ID is destroyed while the multicast creation event is queued, cancel_work_sync() can prevent the work from running and destroy ah_attr, causing a refcount leak and a WARN in kernel logs. Affe...

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

EUVD-2025-32200

Malicious code in bioql PyPI...

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

PT-2025-40415

Name of the Vulnerable Software and Affected Versions The Matrix specification versions prior to 1.16 Description The Matrix specification, when using a room version before 12, does not ensure uniqueness of create events. Recommendations Update to version 1.16 or later...

CVE-2025-54315

The Matrix specification before 1.16 i.e., with a room version before 12 lacks create event uniqueness...

CVE-2025-54315

The CVE-2025-54315 issue affects the Matrix protocol: prior to matrix 1.16 (room version

Linux Distros Unpatched Vulnerability : CVE-2022-47372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability b...

GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization

Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...

CVE-2022-47372

Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...