152 matches found
PT-2026-22892
Name of the Vulnerable Software and Affected Versions: Apache Artemis versions 2.50.0 through 2.51.0; Apache ActiveMQ Artemis versions 2.11.0 through 2.44.0. Description: A missing authentication check for a critical function exists in Apache Artemis and Apache ActiveMQ Artemis. An unauthenticated...
CVE-2026-24903 OrcaStatLLM Researcher Stored Cross-Site Scripting (XSS) via Log Message Injection in Session Page
OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...
CVE-2026-24903
CVE-2026-24903 affects OrcaStatLLM Researcher (LLM-based research paper generator). A stored XSS in the Session Page log message allows attacker-supplied inputs to inject and execute JavaScript in victims’ browsers. CVSSv4 base score 5.3 (Medium): Network, Low attack complexity, no privileges, us...
CVE-2025-61730
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption-level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
EUVD-2025-206448
During the TLS 1.3 handshake, if multiple messages are sent in records that span encryption-level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosu...
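The record-boundary rule behind CVE-2025-61730 / EUVD-2025-206448, as an added example that is not code from the advisory or from any TLS implementation: RFC 8446 section 5.1 says handshake messages MUST NOT span key changes, so a receiver has to check that a key-changing message is the last thing in its record before it switches keys. The reader below models records as plaintext with a notional key epoch instead of real encryption, assumes every handshake message fits in one record, and constructs its own ServerHello and EncryptedExtensions bytes; with `strict=False` it reproduces the flawed behaviour (trailing bytes in the same record are parsed at the old epoch), with `strict=True` it aborts with `unexpected_message`.

```python
# Added example, not code from the advisory or any TLS library: a minimal
# TLS 1.3 record-layer reader enforcing RFC 8446 s.5.1 ("Handshake messages
# MUST NOT span key changes").  Assumptions: every handshake message fits in
# one record; records are plaintext tagged with a notional key epoch rather
# than really encrypted; all message bytes are constructed for the demo.

HANDSHAKE = 22                                   # TLS record content type
CLIENT_HELLO, SERVER_HELLO, ENCRYPTED_EXTENSIONS, FINISHED = 1, 2, 8, 20

# Messages after which the receiver must switch keys (server->client direction
# shown): ServerHello -> handshake traffic keys, Finished -> application keys.
KEY_CHANGE_AFTER = {SERVER_HELLO: "handshake", FINISHED: "application"}


class UnexpectedMessage(Exception):
    """Corresponds to a fatal TLS 'unexpected_message' alert."""


def handshake_msg(msg_type, body):
    """HandshakeType(1) || length(3) || body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body


def record(content_type, fragment):
    """ContentType(1) || legacy_version 0x0303(2) || length(2) || fragment."""
    return bytes([content_type, 0x03, 0x03]) + len(fragment).to_bytes(2, "big") + fragment


def parse_records(data):
    """Split a byte stream into (content_type, fragment) tuples."""
    out, i = [], 0
    while i < len(data):
        if len(data) - i < 5:
            raise UnexpectedMessage("truncated record header")
        ctype = data[i]
        length = int.from_bytes(data[i + 3:i + 5], "big")
        frag = data[i + 5:i + 5 + length]
        if len(frag) != length:
            raise UnexpectedMessage("truncated record body")
        out.append((ctype, frag))
        i += 5 + length
    return out


def process_handshake(data, strict=True):
    """Read handshake messages from a record stream, tracking the key epoch the
    receiver uses.  Returns [(epoch, msg_type), ...] in read order.
    Keys are switched only once the current record has been fully consumed, so
    with strict=False anything packed after a key-changing message in the same
    record is parsed at the OLD epoch (the advisory's flaw).  With strict=True
    such trailing bytes abort the handshake, as RFC 8446 requires."""
    epoch, seen = "initial", []
    for ctype, frag in parse_records(data):
        if ctype != HANDSHAKE:
            raise UnexpectedMessage(f"content type {ctype} during handshake")
        pending_epoch, pos = None, 0
        while pos < len(frag):
            if len(frag) - pos < 4:
                raise UnexpectedMessage("truncated handshake header")
            mtype = frag[pos]
            mlen = int.from_bytes(frag[pos + 1:pos + 4], "big")
            pos += 4 + mlen
            if pos > len(frag):
                raise UnexpectedMessage("handshake message runs past record end")
            seen.append((epoch, mtype))
            if mtype in KEY_CHANGE_AFTER:
                if strict and pos < len(frag):
                    raise UnexpectedMessage(
                        f"{len(frag) - pos} bytes follow key-changing message {mtype}")
                pending_epoch = KEY_CHANGE_AFTER[mtype]
        if pending_epoch:          # key change takes effect after the record
            epoch = pending_epoch
    return seen


def server_flight(split_at_key_change):
    """Constructed ServerHello + EncryptedExtensions, either as two records
    (conformant) or packed into one record (spans the key change)."""
    sh = handshake_msg(SERVER_HELLO, b"\x03\x03" + b"\x11" * 32)   # fake version+random
    ee = handshake_msg(ENCRYPTED_EXTENSIONS, b"\x00\x00")          # empty extensions
    if split_at_key_change:
        return record(HANDSHAKE, sh) + record(HANDSHAKE, ee)
    return record(HANDSHAKE, sh + ee)


def demo():
    """Returns (conformant_result, lenient_result_on_bad_stream, strict_raised)."""
    conformant = process_handshake(server_flight(True))
    lenient = process_handshake(server_flight(False), strict=False)
    try:
        process_handshake(server_flight(False))
        strict_raised = False
    except UnexpectedMessage:
        strict_raised = True
    return conformant, lenient, strict_raised


if __name__ == "__main__":
    print(demo())
```

In the conformant stream EncryptedExtensions is read at the "handshake" epoch; in the packed stream the lenient reader reads it at "initial", i.e. before the key change it should have been protected by, which is exactly the window the advisory describes. The same check applies at the Finished boundary and, symmetrically, on the server side after it reads the client's Finished.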
CVE-2025-62190 CSRF Allows Call Initiation and Message Delivery
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <= 1.10.0 fail to implement CSRF protection on the Calls widget page, which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious...
CVE-2025-62190
Mattermost exposes a CSRF flaw in the Calls widget page affecting Mattermost server versions 11.0.x up to 11.0.4, 10.12.x up to 10.12.2, 10.11.x up to 10.11.6 and Mattermost Calls = 1.11.0 and related components (e.g., recorder) to versions with CSRF mitigations. Monitor for updates from Mattermo...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a lack of CSRF protection on the Calls widget page, which could lead to an attacker initiating a call and injecting a message into a...
CVE-2025-13452 Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated User Impersonation in Order Messages
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
PT-2025-48015
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14. This is due to a flawed permission check in the REST API permission callback that returns true when no nonce is provided...
ROS-20251022-02
Jenkins Automation Server vulnerability is related to a log message injection issue. Exploitation: The vulnerability could allow an attacker acting remotely to compromise the target system. A vulnerability in the Jenkins Automation Server is related to a vulnerable plugin not checking permissions f...
EUVD-2018-12245
Malware in sbrugna...
EUVD-2020-19092
Malware in sbrugna...
EUVD-2019-1092
Malware in sbrugna...
EUVD-2020-30122
Malware in sbrugna...
EUVD-2021-24162
Malware in sbrugna...
EUVD-2006-1352
Malware in sbrugna...
EUVD-2008-3759
Malware in sbrugna...
EUVD-2015-3463
Malware in sbrugna...