17 matches found
CVE-2026-6755
Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
EUVD-2026-23764
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
CVE-2026-6600
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
PT-2026-33706
A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of the component Frontend React Component Rendering. Executing a manipulation can lead to cross site...
CVE-2026-28797
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template unsandbox...
CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template unsandbox...
CVE-2025-66955
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls...
CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL...
CVE-2026-1625
A vulnerability was detected in D-Link DWR-M961 1.1.47. The impacted element is the function sub4250E0 of the file /boafrm/formSmsManage of the component SMS Message. Performing a manipulation of the argument actionvalue results in command injection. The attack may be initiated remotely. The...
EUVD-2008-6046
Malware in sbrugna...
EUVD-2025-22343
Malicious code in bioql PyPI...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0; Devolutions Server...
Devolutions Server <= 2025.1.11.0 / 2025.2.2.0 < 2025.2.5.0 Improper Access Control (DEVO-2025-0012) (CVE-2025-6741)
The version of Devolutions Server installed on the remote host is prior to 2025.1.11.0 or 2025.2.2.0 prior to 2025.2.5.0 and is, therefore, affected by an improper access control vulnerability: - Improper access control in secure message component in Devolutions Server allows an authenticated use...
CVE-2025-6741
Improper access control in secure message component in Devolutions Server allows an authenticated user to steal unauthorized entries via the secure message entry attachment feature. This issue affects the following versions: Devolutions Server 2025.2.2.0 through 2025.2.4.0; Devolutions Server...
PT-2025-30445 · Devolutions · Devolutions Server
Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2025.1.11.0 and earlier; Devolutions Server versions 2025.2.2.0 through 2025.2.4.0. Description: Improper access control in the secure message component of Devolutions Server allows an authenticated user to steal...
PT-2023-2935 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.6.0 through 5.9.2. Description: The issue is related to an operation restriction bypass vulnerability in the Message and Bulletin components of Cybozu Garoon. This vulnerability is associated with weaknesses in the...
Gibbon cross-site scripting vulnerability
Gibbon is a school platform that solves real-world problems that educators encounter every day. A cross-site scripting vulnerability exists in Gibbon that stems from a stored XSS vulnerability in the wall message component in Gibbon v22.0.00...