10822 matches found
EUVD-2026-43048
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...
CVE-2026-10770
Improper Neutralization of Input During Web Page Generation "Cross-site Scripting" vulnerability in Drupal Anti-Spam by CleanTalk allows Reflected XSS. This issue affects Anti-Spam by CleanTalk versions: from 0.0.0 to 9.7.1...
CVE-2026-10770
CVE-2026-10770 affects the Drupal Anti-Spam by CleanTalk module (versions 0.0.0 through 9.7.1). The root cause is improper neutralization of input in web page generation, resulting in a Reflected XSS when rendering CleanTalk API responses in HTML. The issue is documented across multiple sources (...
CVE-2026-41899
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, POST /api/feedback has no authentication, no rate limiting, and no input validation, allowing arbitrary content to be forwarded directly to a Discord webhook and enabling...
CVE-2026-13376 WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in spamBlocker Module
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WatchGuard Fireware OS spamBlocker module allows Stored XSS. This vulnerability is an additional unmitigated attack path for CVE-2025-1071. This issue affects Fireware OS 12.0 up to and...
CVE-2026-53169
In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: reject NPUOPRESIZE commands from userspace NPUOPRESIZE is a U85-only command that the driver does not yet implement. The existing WARNON1 placeholder fires unconditionally whenever userspace submits this command via...
OESA-2026-2722 dovecot security update
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. Security Fixes: Attacker can use a specially crafted base64 exchange between Dovecot and Client to fake SCRA...
CVE-2026-7167
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...
CVE-2026-7167
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...
CVE-2026-7167
The CVE-2026-7167 entry concerns the Assassin game by Gaudire. It identifies a flaw in the authentication flow where the system improperly validates the 'email' field, allowing unverified or fake email addresses to be used to create accounts. The underlying cause is insufficient validation during...
CVE-2026-7167 Multiple vulnerabilities in the Assassin game by Gaudire
The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...
SUSE-SU-2026:22185-1 Security update for dovecot24
This update for dovecot24 fixes the following issues - CVE-2026-27851: lib-var-expand: safe filter leaks to all following pipelines bsc1265146. - CVE-2026-33603: login: base64 input can contain tabs that bypass IPC protection bsc1265147. - CVE-2026-40016: Sieve: contains/: matches ONxM substring...
Malicious code in nottuff23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...
MAL-2026-5915 Malicious code in nottuff23 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 41d429b099904a530f5dc4dfdd4724b7b6160c1de1330e0b103e8b8e3c737dfd The package is one of approximately 100 identically-named-pattern publishes from an automated bulk-publish operation. The tarball ships...
Malicious code in nottuff15 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea629a411d1555cb4dbc80aa218539333aefce15e110ad0a5eaa16e4a58ab5f3 nottuff15 is one entry in a coordinated npm namespace-spam campaign. The tarball ships auto-publish.sh, a bash script that copies the package content...
Microsoft Defender email security benchmarking: Key insights from one year of data
Microsoft publishes quarterly email security benchmarking data comparing Microsoft Defender against secure email gateway SEG and integrated cloud email security ICES vendors using real-world threat telemetry. A year ago, we set out to change how email security effectiveness is measured. With our...
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites...
Malicious code in ai-sdk-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...
MAL-2026-5565 Malicious code in ai-sdk-helpers (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 501daa3c8b2c9c2609dc60fd90ae59710a603ae56fa5dcc867d24913889c5413 [email protected] is a typosquat impersonating the Vercel AI SDK ecosystem homepage ai-sdk.guide, author 'AI SDK Guide '. On npm install,...
CVE-2026-8071 Spam protection, Honeypot, Anti-Spam by CleanTalk < 6.79 - Unauthenticated Stored XSS via Comment Shortcode Bypass
The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated attackers to inject arbitrary web scripts into approved comments that will execute when any user...