16734 matches found
CVE-2026-50709
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...
CVE-2026-50709 Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering
A Stored Cross-Site Scripting XSS vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications Events panel...
CVE-2026-50709
CVE-2026-50709 : In Frappe Framework 17.0.0-dev, a stored XSS vulnerability exists in the Notifications → Events panel due to improper neutralization of user-controlled input. The issue affects the rendering of color in Events and is described with a CVSS v4.0 base score of 4.8 (MEDIUM). The conn...
CVE-2026-54324
Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.185.0, a cross-tenant authorization flaw in Daytona's notification WebSocket gateway allowed any authenticated user to subscribe to another organization's realtime notification...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduced a -pollcci method For the ACPI backend of UCSI, the UCSI “registers” are merely a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the contents of t...
Astra Linux – Vulnerability in Firefox and Thunderbird
Privilege escalation in the DOM: Notifications component. This vulnerability was fixed in Firefox 146, Firefox ESR 115.31, Firefox ESR 140.6, Thunderbird 146, and Thunderbird 140.6...
Astra Linux – Vulnerability in Chromium
Before version 90.0.4430.212, using “after free” in notifications in Google Chrome allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption through a crafted HTML page...
Astra Linux – Vulnerability in Xen
Inappropriate x86 IOMMU timeout detection/handling: IOMMU processes commands that are issued in parallel with the operation of the CPUs that issue those commands. In the current implementation in Xen, asynchronous notifications of the completion of such commands are not used. Instead, the issuing...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check the control transfer buffer size before accessing it. If the first fragment is shorter than struct usbcdcnotification, we cannot calculate the expectedsize. Instead, log an error and discard the notification...
EUVD-2026-37638
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
EUVD-2026-37639
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-54802
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-54803
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-52698
Subscriber Sensitive Data Exposure in PushEngage – Web Push Notifications, eCommerce Automation & Chat Widget = 4.2.3 versions...
CVE-2026-54803 WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability
Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...
CVE-2026-54803
CVE-2026-54803 affects the WordPress plugin SMS Alert Order Notifications up to version 3.9.4, with a subscriber privilege escalation vulnerability. Documents confirm affected product (WordPress plugin), vulnerable component (the plugin’s order notifications), and impact (privilege escalation for...
CVE-2026-54802
CVE-2026-54802 affects the WordPress plugin “SMS Alert Order Notifications” (versions
CVE-2026-54802 WordPress SMS Alert Order Notifications plugin <= 3.9.3 - Broken Authentication vulnerability
Unauthenticated Broken Authentication in SMS Alert Order Notifications = 3.9.3 versions...
CVE-2026-52698
The CVE concerns the WordPress PushEngage plugin (versions
USN-8440-1 linux-azure-6.8 vulnerabilities
Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly verify the signature of CPU microcode. This flaw is known as EntrySign. A privileged attacker could possibly use this issue to cause load malicious CPU microcod...