1247 matches found
CVE-2026-32125 OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph chart titles/labels using innerHTML or equivalent without...
CVE-2026-32125
OpenEMR vulnerability CVE-2026-32125: Stored XSS in Track Anything Graphs due to unescaped Dygraph titles/labels. Prior to version 8.0.0.1, track item names stored from user input (POST) are rendered via innerHTML or equivalent, allowing a user who can create/edit items to inject script that exec...
CVE-2026-3950
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...
DEBIAN-CVE-2026-3950
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...
UBUNTU-CVE-2026-3950
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...
CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...
CVE-2026-3950
CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...
libheif buffer error vulnerability
LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Struktur that include LibHEIF 1.21.2 and earlier contain a buffer error vulnerability. This vulnerability stems from incorrect operations in the Track::load function with...
PT-2026-24846
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph chart titles/labels using innerHTML or equivalent without...
OpenEMR cross-site scripting vulnerability
OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...
GHSA-WJ89-2385-GPX3 Craft Commerce has stored XSS in Inventory Location Name
Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...
CVE-2025-11143 vulnerabilities
Vulnerabilities for packages: solr, akhq, strimzi-kafka-operator, kafka, trino, dependency-track, neo4j, confluent-kafka, cloudwatch-exporter, zookeeper...
GHSA-WJPW-4J6X-6RWH vulnerabilities
Vulnerabilities for packages: solr, akhq, strimzi-kafka-operator, kafka, trino, dependency-track, neo4j, confluent-kafka, cloudwatch-exporter, zookeeper...
GHSA-WJPW-4J6X-6RWH vulnerabilities
Vulnerabilities for packages: cloudwatch-exporter, dependency-track, confluent-kafka, trino, kafka-fips, kafka, spark, wso2is, pinot, spark-kubernetes-operator, strimzi-kafka-operator, druid, spark-fips, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, celeborn, apache-hop, akhq,...
CVE-2025-11143 vulnerabilities
Vulnerabilities for packages: cloudwatch-exporter, dependency-track, confluent-kafka, trino, kafka-fips, kafka, spark, wso2is, pinot, spark-kubernetes-operator, strimzi-kafka-operator, druid, spark-fips, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, celeborn, apache-hop, akhq,...
PT-2026-24640
Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...