
1247 matches found

OSV
added 2026/03/11 8:51 p.m., 4 views

CVE-2026-32125 OpenEMR: Stored XSS in Track Anything Graphs via Unescaped Dygraph Titles/Labels

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph charts titles/labels using innerHTML or equivalent without...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits 1, References 3
CVE
added 2026/03/11 8:51 p.m., 15 views

CVE-2026-32125

OpenEMR vulnerability CVE-2026-32125: Stored XSS in Track Anything Graphs due to unescaped Dygraph titles/labels. Prior to version 8.0.0.1, track item names stored from user input (POST) are rendered via innerHTML or equivalent, allowing a user who can create/edit items to inject script that exec...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits 1, References 1, Affected Software 1
NVD
added 2026/03/11 8:16 p.m., 3 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, EPSS 0.00117
Exploits 0, References 7
OSV
added 2026/03/11 8:16 p.m., 5 views

DEBIAN-CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 3.9, EPSS 0.00117
Exploits 0, References 1
UbuntuCve
added 2026/03/11 8:16 p.m., 3 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 5.4, EPSS 0.00117
Exploits 0, References 1
OSV
added 2026/03/11 8:16 p.m., 3 views

UBUNTU-CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 5.1, EPSS 0.00117
Exploits 0, References 3
ATTACKERKB
added 2026/03/11 7:02 p.m., 4 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 5.2, EPSS 0.00117
Exploits 0, References 7, Affected Software 1
Cvelist
added 2026/03/11 7:02 p.m., 32 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, EPSS 0.00117
Exploits 0, References 7
Vulnrichment
added 2026/03/11 7:02 p.m., 3 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 5.2, EPSS 0.00117
Exploits 0, References 7
CVE
added 2026/03/11 7:02 p.m., 9 views

CVE-2026-3950

CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...

CVSS 4.8, AI score 5.2, EPSS 0.00117
Exploits 0, References 7
Debian CVE
added 2026/03/11 7:02 p.m., 4 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

CVSS 4.8, AI score 3.9, EPSS 0.00117
Exploits 0
CNNVD
added 2026/03/11 12:00 a.m., 5 views

libheif buffer error vulnerability

LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Struktur LibHEIF versions 1.21.2 and earlier contain a buffer error vulnerability. This vulnerability stems from incorrect operations in the Track::load function with...

CVSS 4.8, AI score 6, EPSS 0.00117
Exploits 0, References 7
Positive Technologies
added 2026/03/11 12:00 a.m., 6 views

PT-2026-24846

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, track/item names from the Track Anything feature are stored from user input POST and later rendered in Dygraph charts titles/labels using innerHTML or equivalent without...

CVSS 5.4, AI score 5.8, EPSS 0.00162
Exploits 1, References 3
CNNVD
added 2026/03/11 12:00 a.m., 8 views

OpenEMR cross-site scripting vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0.1 contained a cross-site...

CVSS 5.4, AI score 5.6, EPSS 0.00162
Exploits 1, References 1
OSV
added 2026/03/10 6:23 p.m., 1 view

GHSA-WJ89-2385-GPX3 Craft Commerce has stored XSS in Inventory Location Name

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

CVSS 4.8, AI score 6, EPSS 0.00234
Exploits 0, References 4
Wolfi
added 2026/03/10 7:48 a.m., 4 views

CVE-2025-11143 vulnerabilities

Vulnerabilities for packages: solr, akhq, strimzi-kafka-operator, kafka, trino, dependency-track, neo4j, confluent-kafka, cloudwatch-exporter, zookeeper...

CVSS 6.5, AI score 6.8, EPSS 0.00159
Exploits 0
Wolfi
added 2026/03/10 7:48 a.m., 3 views

GHSA-WJPW-4J6X-6RWH vulnerabilities

Vulnerabilities for packages: solr, akhq, strimzi-kafka-operator, kafka, trino, dependency-track, neo4j, confluent-kafka, cloudwatch-exporter, zookeeper...

AI score 5.9
Exploits 0
Chainguard
added 2026/03/10 7:17 a.m., 2 views

GHSA-WJPW-4J6X-6RWH vulnerabilities

Vulnerabilities for packages: cloudwatch-exporter, dependency-track, confluent-kafka, trino, kafka-fips, kafka, spark, wso2is, pinot, spark-kubernetes-operator, strimzi-kafka-operator, druid, spark-fips, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, celeborn, apache-hop, akhq,...

AI score 5.9
Exploits 0
Chainguard
added 2026/03/10 7:17 a.m., 10 views

CVE-2025-11143 vulnerabilities

Vulnerabilities for packages: cloudwatch-exporter, dependency-track, confluent-kafka, trino, kafka-fips, kafka, spark, wso2is, pinot, spark-kubernetes-operator, strimzi-kafka-operator, druid, spark-fips, confluent-kafka-jre-bcfips, strimzi-kafka-operator-fips, celeborn, apache-hop, akhq,...

CVSS 6.5, AI score 6.8, EPSS 0.00159
Exploits 0
Positive Technologies
added 2026/03/10 12:00 a.m., 2 views

PT-2026-24640

Summary A stored XSS vulnerability exists in the Commerce Settings - Inventory Locations page. The Name field is rendered without proper HTML escaping, allowing an attacker to execute arbitrary JavaScript. This XSS triggers when an administrator or user with product editing permissions creates or...

CVSS 4.8, AI score 6
Exploits 0, References 4