4189 matches found

Positive Technologies
added 2026/02/02 12:0 a.m., 9 views

PT-2026-5713

Name of the Vulnerable Software and Affected Versions: Signal K Server versions prior to 1.5.0; Signal K Set-System-Time plugin versions prior to 1.5.0. Description: A command injection issue exists in the Signal K Server and its Set-System-Time plugin. Authenticated users with write permissions can...

CVSS 9.9, AI score 6.4, EPSS 0.04163
Exploits: 1, References: 15

CNNVD
added 2026/02/02 12:0 a.m., 8 views

Signal K Server operating system command injection vulnerability

The Signal K Server is an open-source marine central server developed by Signal K. Versions of the Signal K Server prior to 1.5.0 contained a vulnerability related to operating system command injection. This vulnerability stemmed from insecure shell command constructions when handling the...

CVSS 9.9, AI score 5.8, EPSS 0.04163
Exploits: 1, References: 3

EUVD
added 2026/01/31 4:35 a.m., 6 views

EUVD-2026-5082

The Booking Calendar plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wpbcajaxWPBCFLEXTIMELINENAV function in all versions up to, and including, 10.14.13. This makes it possible for unauthenticated attackers to retrieve booking information...

CVSS 5.3, AI score 5.9, EPSS 0.00264
Exploits: 0, References: 2

FreeBSD
added 2026/01/29 12:0 a.m., 22 views

qt6-webengine -- multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: CVE-2025-13223: Type Confusion in V8 CVE-2025-13224: Type Confusion in V8 CVE-2025-13630: Type Confusion in V8 CVE-2025-13632: Inappropriate implementation in DevTools CVE-2025-13634: Inappropriate implementation i...

CVSS 9.8, AI score 7.3, EPSS 0.2202
Exploits: 17, References: 1

OSV
added 2026/01/28 9:41 p.m., 7 views

GHSA-3HMW-8MW3-RMPJ NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter

Summary: An unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing an...

CVSS 7.1, AI score 6.3, EPSS 0.00269
Exploits: 1, References: 3

Github Security Blog
added 2026/01/28 9:41 p.m., 10 views

NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter

Summary: An unvalidated redirect (open redirect) vulnerability exists in NocoDB’s login flow due to missing validation of the continueAfterSignIn parameter. During authentication, NocoDB processes a user-controlled redirect value and conditionally performs client-side navigation without enforcing an...

CVSS 7.1, AI score 6.3, EPSS 0.00269
Exploits: 1, References: 3, Affected Software: 1

Packet Storm News
added 2026/01/20 12:0 a.m., 13 views

PINA: Prompt Injection Attack against Navigation Agents

Navigation agents powered by large language models (LLMs) convert natural language instructions into executable plans and actions. Compared to text-based applications, their security is far more critical: a successful prompt injection attack does not just alter outputs but can directly misguide...

AI score 5.4
Exploits: 0

Tenable Nessus
added 2026/01/20 12:0 a.m., 6 views

MiracleLinux 9 : firefox-102.9.0-3.el9.ML.1 (AXSA:2023-5234:12)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-5234:12 advisory. Mozilla: Incorrect code generation during JIT compilation (CVE-2023-25751). Mozilla: Memory safety bugs fixed in Firefox 111 and Firefox ESR 102.9...

CVSS 8.8, AI score 8.6, EPSS 0.00713
Exploits: 0, References: 6

Tenable Nessus
added 2026/01/19 12:0 a.m., 5 views

RHEL 9 : gpsd-minimal (RHSA-2026:0771)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:0771 advisory. gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on...

CVSS 9.8, AI score 6.3, EPSS 0.00534
Exploits: 3, References: 6

Veracode
added 2026/01/15 8:13 a.m., 6 views

Open Redirect

React Router is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of attacker-supplied navigation paths, which allows an attacker to craft a malicious path that forces the application to redirect users to an external, potentially malicious URL...

CVSS 6.5, AI score 5.5, EPSS 0.00198
Exploits: 0, References: 3, Affected Software: 2

AstraLinux
added 2026/01/13 2:1 p.m., 5 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in Extensions in Google Chrome prior to 142.0.7444.59 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions through a crafted Chrome Extension. Chromium security severity: High...

CVSS 6.5, AI score 5.2, EPSS 0.0017
Exploits: 0, References: 3

Positive Technologies
added 2026/01/11 12:0 a.m., 3 views

PT-2026-31517

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 147.0.7727.55. Description: An issue in the History feature of the Google Chrome browser relates to errors in how information is presented in the user interface. Successful exploitation could allow a remote attack...

CVSS 9.8, AI score 5.7, EPSS 0.00608
Exploits: 0, References: 68

Cvelist
added 2026/01/10 2:39 a.m., 23 views

CVE-2025-68470 React Router has unexpected external redirect via untrusted paths

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, <Link>, or redirect, the app performs a navigation/redirect to an external URL. This is only an...

CVSS 6.5, EPSS 0.00198
Exploits: 0, References: 1

CVE
added 2026/01/10 2:39 a.m., 27 views

CVE-2025-68470

CVE-2025-68470 affects React Router (versions 6.0.0–6.30.1 and 7.0.0–7.9.5). An attacker-supplied path can cause a navigation/redirect to an external URL when navigating via navigate(), Link, or redirect(), if untrusted content is used in navigation paths. The issue is addressed in React Router b...

CVSS 6.5, AI score 6.4, EPSS 0.00198
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2026/01/10 2:39 a.m., 7 views

CVE-2025-68470 React Router has unexpected external redirect via untrusted paths

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, <Link>, or redirect, the app performs a navigation/redirect to an external URL. This is only an...

CVSS 6.5, AI score 6.7, EPSS 0.00198
Exploits: 0, References: 3

Positive Technologies
added 2026/01/10 12:0 a.m., 7 views

PT-2026-1914

Name of the Vulnerable Software and Affected Versions: React Router versions 6.0.0 through 6.30.1; React Router versions 7.0.0 through 7.9.5. Description: A crafted path supplied by an attacker can cause a React Router application to navigate or redirect to an external URL when using navigate, <Link>, or...

CVSS 6.5, AI score 6.5, EPSS 0.00198
Exploits: 0, References: 3

RedhatCVE
added 2026/01/09 10:10 a.m., 11 views

CVE-2019-11699

A malicious page can briefly cause the wrong name to be highlighted as the domain name in the addressbar during page navigations. This could result in user confusion of which site is currently loaded for spoofing attacks. This vulnerability affects Firefox 67...

CVSS 6.5, AI score 5.9, EPSS 0.00846
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:34 a.m., 11 views

CVE-2024-41647

Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2mppicontroller...

CVSS 9.8, AI score 7.7, EPSS 0.00677
Exploits: 1, References: 1

Snyk
added 2026/01/08 8:54 p.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the navigation redirect process for loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

CVSS 8, AI score 5.3, EPSS 0.00327
Exploits: 0, References: 2

Snyk
added 2026/01/08 8:54 p.m., 1 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the navigation redirect process for loaders or actions in Framework Mode, Data Mode, or the unstable RSC modes. An attacker can execute arbitrary JavaScript code in the context of the user's browser by...

CVSS 8, AI score 5.3, EPSS 0.00327
Exploits: 0, References: 2