1036 matches found
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
Linux Distros Unpatched Vulnerability : CVE-2026-46644
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form CVE-2026-46644 Note that Nessus relies ...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
DEBIAN-CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
UBUNTU-CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903 Prometheus: Stored XSS via crafted histogram bucket label values in the heatmap display of the old Prometheus web UI
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-44903
CVE-2026-44903 affects Prometheus servers with the legacy web UI enabled. From 2.49.0 up to before 3.5.3 and 3.11.3, histogram heatmap axis tick labels aren’t escaped when inserting metric label values into HTML, allowing an attacker who can inject crafted metrics to run JavaScript in the browser...
CVE-2026-44903
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
EUVD-2026-32008
Prometheus is an open-source monitoring system and time series database. From 2.49.0 to before 3.5.3 and 3.11.3, in the Prometheus server's legacy web UI enabled via the command-line flag --enable-feature=old-ui, the histogram heatmap chart view does not escape le label values when inserting them...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-46644: symfony/polyfill-intl-idn accepts xn-- labels whose Punycode payload decodes to ASCII-only: insecure equivalence
More info at https://symfony.com/cve-2026-46644...
CVE-2026-46644
insecure equivalence in symfony/polyfill-intl-idn for ASCII-only xn-- labels...
SEED: Semi-Supervised Continual MalwarE Detection for Tackling ConcEpt Drift on a BuDget
Machine learning based malware detectors become obsolete over time due to concept drift in benign and malware applications. Recent methods rely on fully labeled data and use hierarchical contrastive loss HCL with active learning to improve robustness against drift by exploiting semantic structure...
CVE-2018-25347
WordPress Contact Form Maker Plugin 1.12.20 contains SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries through the FormMakerSQLMapping and generetecsvfmc AJAX actions. Attackers can inject malicious SQL code via the 'name' and 'searchlabels' parameter...
CVE-2018-25346
WordPress Form Maker Plugin ≤ 1.12.24 contains SQL injection via admin-ajax.php (FormMakerSQLMapping, generete_csv). Authenticated attackers can send POST payloads in name/search_labels to manipulate queries, potentially extracting/modifying data or escalating privileges in the WordPress database...
CyberMaskQA: A Privacy-Aware Benchmark for Evaluating Large Language Models in Cybersecurity Question Answering
Large language models LLMs are increasingly applied to cybersecurity question answering QA for critical tasks such as incident response and vulnerability analysis. However, real-world operational contexts, including system logs and network configurations, inherently contain sensitive identifiers,...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via the ToASCII and ToUnicode functions. An attacker can bypass hostname validation by submitting Punycode-encoded labels that decode to ASCII-only labels, potentially leading to privilege escalation in...