PT-2026-34596

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.5.0 Description A Stored DOM XSS Cross-Site Scripting issue exists in the backup module. An attacker can manipulate the filename field using an SQL file to inject a hidden XSS payload, potentially leading to full...

CVE-2026-2404

CVE-2026-2404 describes an input handling flaw (CWE-116) where improper encoding/escaping of output can lead to log injection and forged logs when an attacker alters the POST /j_security check request payload. The description confirms a network-exposed vector (AV:N) with no user interaction requi...

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVE-2026-3502

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVE-2026-3502 TrueConf Client Update Integrity Verification Bypass

TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code...

CVE-2026-3502

The CVE-2026-3502 issue affects TrueConf Client where the update payload is downloaded and installed without integrity verification, allowing an attacker who controls the update path to substitute a tampered payload and potentially achieve arbitrary code execution in the updater process or user c...

PT-2026-29097

Name of the Vulnerable Software and Affected Versions TrueConf versions 8.1.0 through 8.5.2 Description TrueConf Client downloads application update code and applies it without performing integrity or authenticity verification. An attacker capable of influencing the update delivery path, such as ...

PT-2024-40136 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel affected versions not specified Description: The issue concerns a potential exploit of the Laravel Encrypter component. This exploit may cause the Encrypter to fail during decryption and unexpectedly return false. To exploit this, an...