6399 matches found
CVE-2026-33044
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...
CVE-2026-33044
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...
CVE-2026-33044
CVE-2026-33044 affects Home Assistant. An authenticated party can set a malicious name on a device entity, enabling stored XSS in dashboards containing a Map-card when a user hovers an information point. Vulnerable since 2020.02 up to 2026.01; fixed in 2026.01. The issue impacts dashboards visibl...
CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...
CVE-2026-33044 Home Assistant has stored XSS in Map-card through malicious device name
Home Assistant is open source home automation software that puts local control and privacy first. Starting in version 2020.02 and prior to version 2026.01, an authenticated party can add a malicious name to their device entity, allowing for Cross-Site Scripting attacks against anyone who can see ...
BIT-NATS-2026-33248 NATS has mTLS verify_and_map authentication bypass via incorrect Subject DN matching
NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, when using mTLS for client identity, with verifyandmap to derive a NATS identity from the client certificate's Subject DN, certain patterns of RDN would not be...
CVE-2026-26070
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is an EV SoC update with powermeter periodic update and unplugging/SessionFinished state. Version 2026.2.0 contains a...
CVE-2026-26072
EVerest is an EV charging software stack. Versions prior to 2026.02.0 have a data race leading to std::map concurrent access container/optional corruption possible. The trigger is EV SoC update with powermeter periodic update and unplugging/SessionFinished status. Version 2026.02.0 patches the...
CLSA-2026-1774625950 webkit2gtk3: Fix of CVE-2025-43438
CVE-2025-43438: introduce distinct SpecMapIteratorObject/SpecSetIteratorObject types replacing shared SpecObjectOther in JSC DFG/FTL JIT type speculation...
WordPress DSGVO snippet for Leaflet Map and its Extensions plugin <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'unset' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'unset' Attribute vulnerability discovered by zaim in WordPress Plugin DSGVO snippet for Leaflet Map and its Extensions versions = 3.1...
Security update for the Linux Kernel (Live Patch 6 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.22 fixes various security issues The following security issues were fixed: CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...
CVE-2026-4389
The DSGVO snippet for Leaflet Map and its Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the leafext-cookie-time and leafext-delete-cookie shortcodes in all versions up to, and including, 3.1. This is due to insufficient input sanitization and output escaping on...
SUSE-SU-2026:1099-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.19 fixes various security issues The following security issues were fixed: - CVE-2025-40258: mptcp: fix race condition in mptcpschedulework bsc1255053. - CVE-2025-40284: Bluetooth: MGMT: cancel mesh send timer when hdev removed...
UBUNTU-CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer (CVE-2026-33721) has a heap-buffer-overflow in the SLD parser triggered by a crafted SLD containing more than 100 Threshold elements in a ColorMap/Categorize structure, exploitable by an unauthenticated remote attacker via WMS GetMap with SLD_BODY. Affects versions up to 4.2 prior to 8....
CVE-2026-33721 MapServer has heap buffer overflow in SLD `Categorize` Threshold parsing
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
CVE-2026-33721
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
EUVD-2026-16501
MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with mor...
PT-2026-28511
Name of the Vulnerable Software and Affected Versions MapServer versions 4.2 through 8.6.0 Description MapServer is a system for developing web-based GIS applications. A heap-buffer-overflow write in MapServer’s SLD Styled Layer Descriptor parser allows a remote, unauthenticated attacker to crash...