26 matches found
CVE-2026-31281
CVE-2026-31281 — Totara LMS HTML Injection: Totara LMS v19.1.5 and earlier is described as vulnerable to HTML injection via a message sent to users, enabling the attacker to execute HTML/JS in the victim’s browser and potentially causing session hijacking and command execution on the user’s devi...
CVE-2025-15266 GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation <= 1.1.8 - Unauthenticated Stored Cross-Site Scripting
The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possibl...
EUVD-2020-26728
Malware in sbrugna...
EUVD-2025-9027
Malicious code in bioql PyPI...
Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3....
CVE-2022-1279
A vulnerability in the encryption implementation of EBICS messages in the open source library ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2...
CVE-2022-29232
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a...
CVE-2023-47639 API Platform Core can leak exceptions message that may contain sensitive information
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5...
SUSE SLES12 Security Update : openvpn (SUSE-SU-2025:1053-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:1053-1 advisory. - CVE-2024-5594: Fixed handling of null bytes and invalid characters in control messages bsc1235147. Tenable has extracted the preceding description...
CVE-2025-22311
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in DeluxeThemes Private Messages for UserPro userpro-messaging. This issue affects Private Messages for UserPro: from n/a through = 4.10.0...
Apple iOS and iPadOS Security Vulnerability
Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS prior to 18.0.1 and iPadOS prior to 18.0.1, which stems from an audio message...
Poddycast Cross-Site Scripting Vulnerability
Poddycast is an electronically produced podcasting application. A cross-site scripting vulnerability exists in Poddycast that stems from the product not clearing HTML special characters from podcast messages. An attacker could cause client-side code execution via this vulnerability. The following...
Multiple vulnerabilities in Cybozu Office
Overview: Cybozu Office provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1657: Operational restrictions bypass vulnerability in Scheduler (CWE-264) - CVE-2021-20624; CyVDB-1727: Operational restrictions bypass vulnerability in Bulletin Board (CWE-264) - CVE-2021-20625...
Unspecified Vulnerability in Messages Component of Multiple Apple Products
Apple iOS and others are products of Apple Inc. Apple iOS is a set of operating systems developed for mobile devices. Apple watchOS is a set of operating systems for smartwatches. Apple iPadOS is a set of operating systems for iPad tablets. Messages is one of the application components used to send...
Apple watchOS and iOS Messages have unspecified vulnerabilities
Apple iOS and Apple watchOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple watchOS is an operating system for smartwatches. Messages is a component of the application used to send text, photos, and videos. A security vulnerability exists in th...
Apple watchOS Messages has an unspecified vulnerability
Apple watchOS is an operating system for smartwatches from Apple Inc. Messages is an application component for sending text, photos and videos. A security vulnerability exists in the Messages component in Apple watchOS versions prior to 5.3. After being removed from an iMessage call, an attacker...
Race condition
A vulnerability in the handling of Inter-Access Point Protocol (IAPP) messages by Cisco Wireless LAN Controller (WLC) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability exists because the software improperly validates input on field...
Apple iOS Messages Denial of Service Vulnerability (CNVD-2018-11369)
Apple iOS is an operating system developed by Apple for mobile devices. A security vulnerability exists in the Messages component of Apple iOS versions prior to 11.4. The vulnerability can be exploited by a remote attacker to cause a denial of service with the help of specially crafted messages...
CVE-2018-4250
An issue was discovered in certain Apple products. iOS before 11.4 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a denial of service via a crafted message...
Denial of Service Vulnerability in Multiple Apple Products (CNVD-2018-12254)
Apple iOS, macOS High Sierra, tvOS, and watchOS are products of Apple Inc. Apple iOS is a suite of operating systems for mobile devices; macOS High Sierra is a specialized operating system for Mac computers; tvOS is a smart TV operating system; and watchOS is a smart watch operating system. Messag...