CVE-2026-25612 Internal ResourceId collision may affect unrelated collections

The internal locking mechanism of the MongoDB server uses an internal encoding of the resources in order to choose what lock to take. Collections may inadvertently collide with one another in this representation causing unavailability between them due to conflicting locks...

CLSA-2026-1770735752 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770734875 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770734305 expat: Fix of CVE-2026-24515

CVE-2026-24515: Fix a null pointer dereference in the XML parser caused by the failure to copy user data for unknown encoding handlers...

CLSA-2026-1770732201 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: XMLExternalEntityParserCreate failure to copy the encoding handler data can cause a NULL dereference. - debian/patches/CVE-2026-24515.patch: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - CVE-2026-24515...

CVE-2026-1866

The WordPress plugin Name Directory (vulnerable up to 1.32.0) is affected by a Stored XSS due to double HTML-entity encoding in its sanitization flow. The plugin decodes HTML entities before wp_kses and decodes output again, enabling unauthenticated attackers to inject scripts via the public subm...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CLSA-2026-1770707507 Fix CVE(s): CVE-2026-24515

SECURITY UPDATE: Make XMLExternalEntityParserCreate copy unknown encoding handler user data - debian/patches/CVE-2026-24515.patch: copy unknown encoding handler user data and add tests to cover effect - CVE-2026-24515...

CVE-2026-24325

SAP BusinessObjects Enterprise does not sufficiently encode user-controlled inputs, leading to Stored Cross-Site Scripting XSS vulnerability. This enables an admin user to inject malicious JavaScript into a website and the injected script gets executed when the user visits the compromised page.Th...

SAP BusinessObjects Enterprise 跨站脚本漏洞

SAP BusinessObjects Enterprise is a business intelligence platform developed by the German company SAP. SAP BusinessObjects Enterprise has a cross-site scripting vulnerability, which stems from insufficient user-controlled input encoding. This vulnerability may lead to storage-based cross-site...

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from issues wit...

PT-2026-7246

The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via double HTML-entity encoding in all versions up to, and including, 1.32.0. This is due to the plugin's sanitization function calling html entity decode before wp kses, and then calling html entity decode again...

CLSA-2026-1770648617 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CLSA-2026-1770648267 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CLSA-2026-1770647876 expat: Fix of CVE-2026-24515

CVE-2026-24515: make XMLExternalEntityParserCreate copy unknown encoding handler user data...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66606

A vulnerability has been found in FAST/TOOLS provided by Yokogawa Electric Corporation. This product does not properly encode URLs. An attacker could tamper with web pages or execute malicious scripts. The affected products and versions are as follows: FAST/TOOLS Packages: RVSVRN, UNSVRN, HMIWEB,...

CVE-2025-66606

CVE-2025-66606 affects Yokogawa FAST/TOOLS. Root cause: improper URL encoding in FAST/TOOLS web components, allowing a network-accessible attacker to tamper with web pages or execute malicious scripts. Affected packages/versions: FAST/TOOLS (Packages: RVSVRN, UNSVRN, HMIWEB, FTEES, HMIMOB) from R...