CVE-2026-35212 OpenCTI has XSS in the rendering of email-message observable body data

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Versions prior to 7.260227.0 are vulnerable to XSS in the rendering of email-message observable body data. The content of the body field isn't appropriately sanitized when being rendered. Does...

CVE-2026-34608

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhookinproc.c, the hookworkcb function processes nng messages by parsing the message body with cJSONParsebody. The body is obtained from nngmsgbodymsg, which is a binary buffer without a...

CVE-2026-34608

Summary of the impact for CVE-2026-34608: NanoMQ prior to 0.24.10 is susceptible to a heap/OOB read in webhook_inproc.c, where webhook_inproc.c:hook_work_cb() parses the message body with cJSON_Parse(body). The body comes from nng_msg_body(msg), a binary buffer without a guaranteed null terminato...

PT-2026-29862

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. Prior to version 0.24.10, in NanoMQ's webhook inproc.c, the hook work cb function processes nng messages by parsing the message body with cJSON Parsebody. The body is obtained from nng msg bodymsg, which is a binary buffer withou...

EUVD-2012-2573

Malware in sbrugna...

EUVD-2012-2557

Malware in sbrugna...

EUVD-2012-2570

Malware in sbrugna...

EUVD-2020-20627

Malware in sbrugna...

EUVD-2005-3427

Malware in sbrugna...

EUVD-2012-2576

Malware in sbrugna...

EUVD-2012-2559

Malware in sbrugna...

USN-7636-1 roundcube vulnerability

It was discovered that Roundcube Webmail incorrectly handled sanitization in the messagebody function. A remote attacker could possibly use this issue to send and receive emails as another user...

VulnCheck KEV: CVE-2024-42009

RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

CVE-2012-2571

Multiple cross-site scripting XSS vulnerabilities in WinWebMail Server 3.8.1.6 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted Cascading Style Sheets CSS expression property, 3 a CSS expression property in the STYLE...

CVE-2012-2590

Multiple cross-site scripting XSS vulnerabilities in ESCON SupportPortal Professional Edition 3.0 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a SCRIPT element, 2 a crafted SRC attribute of an IFRAME element, 3 a crafted CONTENT attribute of an...

CVE-2012-2578

Multiple cross-site scripting XSS vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with 1 a JavaScript alert function used in conjunction with the fromCharCode method, 2 a SCRIPT element, 3 a Cascading Style Sheets CSS...

SUSE CVE-2024-56616

In the Linux kernel, the following vulnerability has been resolved: drm/dpmst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC aka message data CRC at the end of the message. This fixes a...

CVE-2024-56616

CVE-2024-56616 (Linux kernel) affects drm_dp_mst sideband handling. The MST sideband message body length check was fixed to require at least 1 byte (accounting for the message CRC). Without this, a header with a valid header CRC but body length 0 could trigger memory corruption in drm_dp_sideband...

UBUNTU-CVE-2024-42009

A Cross-Site Scripting vulnerability in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in messagebody in program/actions/mail/show.php...

SUSE CVE-2012-4600

Cross-site scripting XSS vulnerability in Open Ticket Request System OTRS Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags...