@atlassian/aui (>=9.3.22 <=10.0.0-M02), @charcoal-ui/icons (>=3.16.0 <=3.21.0) +115 more potentially affected by CVE-2025-15599 via dompurify (>=2.5.4 <=2.5.8)

dompurify NPM version =2.5.4, =9.3.22, =3.16.0, =3.0.0, =3.0.0, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240806060533, =0.0.0-canary-20240719153432, =0.0.0-fec-156-react19-20250116105607, =0.0.0-fec-156-react19-20250116105607,...

PT-2026-22746

Name of the Vulnerable Software and Affected Versions Tuya App and SDK version 24.07.11 Description A denial of service condition exists in Tuya App and SDK. The issue affects an unknown functionality within the JSON Data Point Handler component. Manipulation of the cruise time argument can lead ...

PT-2026-22468

CVE-2024-62819 Nexus AI Chatbot A production-grade AI chatbot platform, forked from Vercel's Chat SDK and extended with multi-model support, document management, RAG search, and custom AI agents. Live https://t.co/yWk2xxjelG...

CVE-2026-26861

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-Site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

CVE-2026-27704 Dart SDK and Flutter SDK have Zip slip in Dart Pub package extraction

The Dart and Flutter SDKs provide software development kits for the Dart programming language. In versions of the Dart SDK prior to 3.11.0 and the Flutter SDK prior to version 3.41.0, when the pub client dart pub and flutter pub extracts a package in the pub cache, a malicious package archive can...

Exploit for CVE-2025-1242

ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...

RLSA-2026:2776 Moderate: edk2 security update

EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU and KVM. Security Fixes: openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap CVE-2025-9230 For more details about the security issues, includi...

Security Bulletin: Vulnerability in IBM® Java SDK affects WebSphere Service Registry and Repository due to CVE-2026-1188

Summary A buffer overflow vulnerability in IBM® SDK, Java™ Technology Edition affects IBM WebSphere Service Registry and Repository. This issue is also addressed by WebSphere Application Server shipped with WebSphere Service Registry and Repository. Vulnerability Details CVEID:CVE-2026-1188...

Security Bulletin: Vulnerability in IBM® Java SDK affects IBM WebSphere Application Server and WebSphere Application Server Liberty due to CVE-2026-1188

Summary There is a vulnerability in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE listed in this document might affect some configurations of IBM WebSphere Application Server traditional and IBM...

Security Bulletin: Multiple Vulnerabilities of IBM Java SDK affect Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments

Summary IBM java SDK is used by Linux KVM Agent from IBM Tivoli Monitoring for Virtual Environments. Vulnerability Details CVEID:CVE-2026-21945 DESCRIPTION: Java SE is vulnerable to a denial of service, caused by an easily exploitable vulnerability issue that allows an remote attacker to cause a...

RHEL 9 : edk2 (RHSA-2026:3164)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:3164 advisory. EDK Embedded Development Kit is a project to enable UEFI support for Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU a...

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

CVE-2026-27120

Leaf-kit (templating library for Swift) before version 1.4.1 is vulnerable to HTML escaping bypass via extended grapheme clusters in htmlEscaped(), enabling potential XSS in attribute contexts when user-controlled variables are interpolated. The root cause is that htmlEscaped escapes only when th...

CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...

CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...

CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...

CVE-2026-25416

Missing Authorization vulnerability in blazethemes News Kit Elementor Addons news-kit-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects News Kit Elementor Addons: from n/a through = 1.4.2...

Improper Neutralization of Equivalent Special Elements

Overview vapor/leaf-kit is an an expressive, performant, and extensible templating language built for Swift. Affected versions of this package are vulnerable to Improper Neutralization of Equivalent Special Elements in the htmlEscaped function. An attacker can inject malicious HTML or JavaScript...

Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...

GHSA-4HFH-FCH3-5Q7P Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Summary htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character and some additional characters. In the case of html attributes, this c...