CVE-2026-8218 Devs Palace ERP Online purchase_return_save cross site scripting

A weakness has been identified in Devs Palace ERP Online up to 4.0.0. The affected element is an unknown function of the file /inventory/purchasereturnsave. Executing a manipulation can lead to cross site scripting. The attack may be launched remotely. The exploit has been made available to the...

PT-2026-39489

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/myAuctions/status/loose module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts v...

XML::LibXML 缓冲区错误漏洞

XML::LibXML is an open-source Perl interface tool developed by CPAN authors for parsing and manipulating XML files. Versions of XML::LibXML 2.0210 and earlier contained a buffer error vulnerability. This vulnerability stemmed from the parsing of XML node names that contained truncated UTF-8 byte...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

Rocket LMS 跨站脚本漏洞

Rocket LMS is an educational platform system developed by the American company Rocket, which integrates online course management and learning interaction functions. Version 1.1 of Rocket LMS contains a cross-site scripting vulnerability. This vulnerability stems from a persistent cross-site...

PT-2026-39539

Name of the Vulnerable Software and Affected Versions Net::CIDR::Lite versions prior to 0.24 Description Improper validation of CIDR mask values allows extraneous zero characters to be processed. Mask forms such as "/00" and "/01" pass validation and are parsed as the same prefix as their unpadde...

PT-2026-39492

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the tickets/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...

ImpressCMS 代码注入漏洞

ImpressCMS is a modular content management system CMS based on MySQL, developed by ImpressCMS Inc. This system includes modules for news publishing, forums, and photo albums. Version 1.4.2 of ImpressCMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw...

Evolution CMS 代码注入漏洞

Evolution CMS is an open-source content management system based on PHP, developed by Evolution CMS. Version 3.1.6 of Evolution CMS has a code injection vulnerability. This vulnerability stems from a remote code execution flaw, allowing authenticated users with module creation permissions to execu...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleaning of the filter functions for t...

PT-2026-39514

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

PT-2026-39493

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the auctions/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted GET...

PT-2026-39494

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

uBidAuction 跨站脚本漏洞

uBidAuction is an auction website system developed by the uBidAuction company, which supports online bidding and product transaction management. Version 2.0.1 of uBidAuction has a cross-site scripting vulnerability. This vulnerability stems from the improper cleanup of the filter functions for th...

CVE-2026-8196

A flaw has been found in JeecgBoot 3.9.1. The impacted element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/LoginController.java of the component mLogin Endpoint. This manipulation causes authorization bypass. The attack...

CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting

A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...

Exploit for Write-what-where Condition in Linux Linux_Kernel

Dirty Frag check CVE-2026-43284 / CVE-2026-43500 Read-only...

OESA-2026-2224 perl-Image-ExifTool security update

ExifTool is a Perl module with an included command-line application for reading and writing meta information in image, audio, and video files. It reads EXIF, GPS, IPTC, XMP, JFIF, MakerNotes, GeoTIFF, ICC Profile, Photoshop IRB, FlashPix, AFCP, and ID3 meta information from JPG, JP2, TIFF, GIF,...

OPENSUSE-SU-2026:20711-1 Security update for hauler

This update for hauler fixes the following issues: Changes in hauler: - update to 1.4.3 bsc1262353, CVE-2026-39984, bsc1262942, CVE-2026-34986: 1.4 Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 in the gomodules group across 1 directory 1.4 Bump github.com/sigstore/timestamp-authority/v2...

org.springframework.ai:spring-ai-starter-vector-store-milvus (>=1.0.0 <=1.0.6), plus.hiver:hiver-module-ai (=1.0.9) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-milvus-store (>=1.0.0 <=1.0.6)

org.springframework.ai:spring-ai-milvus-store MAVEN version =1.0.0, =1.0.0, =1.0.6 - plus.hiver:hiver-module-ai =1.0.9 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...