90524 matches found
CVE-2026-55058
creationtimestamp| type| source ---|---|--- 2026-07-14 19:00:58+00:00| seen| https://advisories.ncsc.nl/advisory?id=NCSC-2026-0237 2026-07-14 22:03:03+00:00| seen| https://www.thezdi.com/blog/2026/7/14/the-july-2026-security-update-review 2026-07-15 01:00:52+00:00| seen|...
RLSA-2026:38492 Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: md/bitmap: fix GPF in writepage caused by resize race CVE-2026-43163 kernel: rtmutex: Use waiter::task instead of current in removewaiter CVE-2026-43499 kernel: futex/requeue: Prevent NUL...
CVE-2026-58647
CVE-2026-58647 affects Microsoft Power BI Power BI Report Server. The issue is an improper neutralization of input during web page generation, enabling cross-site scripting. Attackers must be authorized, require user interaction, and can exploit over the network to perform spoofing with high impa...
CVE-2026-55008
CVE-2026-55008 affects Microsoft Exchange Server and is caused by improper neutralization of input during web page generation, enabling cross-site scripting. The NVD entry lists a high-severity CVSS 3.1 base score of 9.6 (NETWORK, LOW attack complexity, NONE privileges, user interaction required,...
CVE-2026-54432
Roundcube Webmail affected: versions before 1.6.17 and 1.7.x before 1.7.2 are vulnerable to a Stored XSS flaw. Root cause: the attachment MIME type is not properly escaped on the attachment-validation warning page, enabling script execution within a victim’s session when an email is viewed. Affec...
CVE-2026-60119 Hi.Events < 1.11.0 XSS via Event Title JSON.stringify Injection
Hi.Events before 1.11.0 contains a cross-site scripting vulnerability that allows authenticated attackers with event creation or edit permissions to inject arbitrary HTML and JavaScript by embedding a malicious event title containing the sequence, which is not escaped by JSON.stringify when...
CVE-2026-15695
A flaw has been found in Tenda BE12 Pro 16.03.66.23. The affected element is the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may ...
CVE-2026-52838
Affected software: Easy!Appointments (self-hosted appointment scheduler). Vulnerability: Stored XSS via the public booking page. An authenticated administrator can store HTML/JavaScript in the disable_booking_message setting (rich-text editor). The value is later passed directly to the public boo...
CVE-2026-52838 Easy!Appointments disable_booking_message rendered as raw HTML on public booking page — Stored XSS
Easy!Appointments is a self hosted appointment scheduler. Versions prior to 1.6.0 allow administrators to define a custom "booking disabled" message through the booking settings page. That value is stored in the disablebookingmessage setting via a rich-text editor and later passed directly to the...
CVE-2026-52837
Summary: Easy!Appointments
CVE-2026-52837 Easy!Appointments has unauthenticated customer PII disclosure on booking reschedule page
Easy!Appointments is a self hosted appointment scheduler. In versions up to and including 1.5.2, the booking reschedule view at /index.php/booking/reschedule/appointmenthash handled by Booking::index embeds the entire customer record as inline JavaScript const vars = ... "customerdata": ...,...
Microsoft PowerBI Report Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Power BI allows an authorized attacker to perform spoofing over a network...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
Microsoft SharePoint Server Spoofing Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...
Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...
CVE-2026-15692
CVE-2026-15692 affects Tenda BE12 Pro firmware 16.03.66.23. The vulnerability lies in the fromSafeUrlFilter function within /goform/SafeUrlFilter, where manipulating the argument page can cause a stack-based buffer overflow. This can be exploited remotely, and public exploits are available. Conne...
CVE-2026-15691
The CVE-2026-15691 entry concerns Tenda BE12 Pro 16.03.66.23. It affects the function fromSafeClientFilter in /goform/SafeClientFilter; manipulating the argument page causes a stack-based buffer overflow. The vulnerability can be triggered remotely, and a public exploit has been released. The con...
kernel: iommu: disable SVA when CONFIG_X86 is set
A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...
kernel: Linux kernel: netfilter: ebtables SNAT target writes to shared memory pages during ARP hardware address rewrite
A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...
kernel: iommu: disable SVA when CONFIG_X86 is set
A security vulnerability was found in the Linux kernel's IOMMU Shared Virtual Addressing SVA implementation on x86 architecture. When SVA is enabled, the IOMMU caches kernel page table entries. Since the kernel lacks a mechanism to notify the IOMMU when kernel page table pages are freed and...