JetBrains YouTrack < 2026.1.13162 Multiple Vulnerabilities

The version of JetBrains YouTrack installed on the remote host is prior to 2026.1.13162. It is, therefore, affected by multiple vulnerabilities as referenced in the advisory. - In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on fetchApp requests. CVE-2026-49370 - In...

Lyrion Music Server 9.2.0 (metadata) Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

PT-2026-46976

A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown functionality of the file /dashboard page/forms/fetch.php. The manipulation of the argument department...

PT-2026-46898

IN Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences...

📄 Lyrion Music Server 9.2.0 metadata Persistent Cross Site Scripting

Lyrion Music Server version 9.2.0 stores media file metadata tags such as GENRE, ARTIST, and ALBUM exactly as written in the file and later renders them in its web interface without HTML-encoding, resulting in persistent cross site scripting. An attacker who gets a file with a malicious tag into...

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Stored XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

PT-2026-46950

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

PT-2026-46899

In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog aka the communication log administration view...

PT-2026-47072

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

PT-2026-46963

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliative lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptid key parameter lines 26, 42 in...

CVE-2026-38579

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...

RockyLinux 10 : php8.4 (RLSA-2026:22649)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22649 advisory. PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions CVE-2026-7258 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting...

PT-2026-46951

Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attackers can craft files with XSS payloads in metadata tags that execute in the web interface when user...

PT-2026-47049

Name of the Vulnerable Software and Affected Versions Arista Edge Threat Management - Arista Next Generation Firewall NGFW affected versions not specified Description An administrative cross-site scripting XSS issue exists in the web user interface dashboard layout. Unvalidated user-supplied...

Linux Distros Unpatched Vulnerability : CVE-2026-11166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTM...

Suricata 8.x < 8.0.5 Multiple Vulnerabilities

The version of OISF Suricata installed on the remote host is 8.x prior to 8.0.5. It is, therefore, affected by multiple vulnerabilities, including: - LDAP transaction state could store an unbounded number of responses. Because LDAP can be processed over UDP, crafted traffic may cause Suricata to...

Suricata < 7.0.16 Denial of Service Vulnerability

The version of OISF Suricata installed on the remote host is prior to 7.0.16. It is, therefore, affected by a vulnerability: - The Lua TLS certificate information helper could dereference NULL certificate fields when a Lua script requested certificate information for TLS traffic where some...

Revive Adserver 6.0.6 XSS / SQL Injection / Code Injection

Revive Adserver versions 6.0.6 and below suffer from access control, code injection, cross site scripting, and remote SQL injection vulnerabilities...

Lyrion Music Server 9.2.0 (server.log) Unauthenticated Reflected XSS

Summary Lyrion Music Server formerly Logitech Media Server, and often abbreviated as "LMS" is open-source software which can control and serve stream music to a wide range of physical and virtual audio players called Squeezeboxes. Lyrion Music Server can stream your local music collection, intern...

Linux Distros Unpatched Vulnerability : CVE-2026-50591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. CVE-2026-50591 Note that Nessus relies on the presence of the...