SUSE CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

CVE-2026-31994

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation...

EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

Exploit for Missing Authorization in Xwiki

Research: XWiki Platform RCE CVE-2024-55879 Simulation !Se...

PT-2025-47477

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component F2MAdmin that exposes an unauthenticated script-management endpoint at AudioCodes files/utils/IVR/diagram/ajaxScript.php. The saveScript action writes attacker-suppli...

CVE-2025-0277

CVE-2025-0277 affects HCL BigFix Mobile 3.3 and earlier. The issue arises from insecure directives in the Content Security Policy (CSP) , enabling an attacker to trick users into performing actions by insufficiently restricting sources of scripts and other content. What is vulnerable: CSP configu...

EUVD-2025-24233

Malicious code in bioql PyPI...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

CVE-2025-40769

A vulnerability has been identified in SINEC Traffic Analyzer 6GK8822-1BG01-0BA0 All versions V3.0. The affected application uses a Content Security Policy that allows unsafe script execution methods. This could allow an attacker to execute unauthorized scripts, potentially leading to cross-site...

The vulnerability of the sysstat utility’s sysstat.in function, which is used for measuring and analyzing system performance. This vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service interruptions.

The vulnerability of the sysstat utility for measuring and analyzing system performance involves the creation of a potentially unsafe script. Exploiting this vulnerability can allow an attacker to access confidential data, compromise its integrity, and cause service interruptions...

libreoffice: Unsafe URL assembly flaw in allowed script location check

LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice...

RHEL 7 : OpenShift Container Platform 4.1 jenkins-2-plugins (RHSA-2019:1636)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2019:1636 advisory. This advisory contains the jenkins-2-plugins RPM packages for Red Hat OpenShift Container Platform 4.1.4. See the following advisory for the...

MGASA-2017-0054 Updated mariadb packages fix security vulnerability

Root Privilege Escalation CVE-2016-6664. Unspecified vulnerability affecting the Optimizer component CVE-2017-3238. Unspecified vulnerability affecting the Charsets component CVE-2017-3243. Unspecified vulnerability affecing the DML component CVE-2017-3244. Unspecified vulnerability affecting...

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering

Microsoft Outlook Express 56 - MHTML URL Handler File Rendering source: https://www.securityfocus.com/bid/5473/info Microsoft Outlook Express introduced a URL handler called MHTML MIME Encapsulation of Aggregate HTML. This allows Internet Explorer to pass MHTML files to Outlook Express for...