8021 matches found
PT-2026-31673
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev97. Description: Certain WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke, allowing authenticated low-privileged users to execute MODIFY operations that should be denied by...
BIT-DISCOURSE-2026-32607 Discourse: Stored XSS via unescaped assignee name
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, when the hidden prioritize_full_name_in_ux site setting is enabled (defaults to false, requires console access to change), user and group display names are rendered without HTML...
WebSP-Eval: Evaluating Web Agents on Website Security and Privacy Tasks
Web agents automate browser tasks, ranging from simple form completion to complex workflows like ordering groceries. While current benchmarks evaluate general-purpose performance (e.g., WebArena) or safety against malicious actions (e.g., SafeArena), no existing framework assesses an agent's ability to...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability. This vulnerability stemmed from insufficient policy enforcement in the browser’s UI, allowing remote attackers who had compromised the renderer process to...
Google Chrome Security Vulnerability
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability due to a policy bypass in Blink, which could lead to UI deception through specially crafted HTML pages...
Linux Distros Unpatched Vulnerability : CVE-2019-25656
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - R i386 3.5.0 contains a local buffer overflow vulnerability in the GUI Preferences dialog that allows local attackers to trigger a structured exception handler...
CVE-2026-35046
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...
EUVD-2026-19390
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, Tandoor Recipes allows authenticated users to inject arbitrary tags into recipe step instructions. The bleach.clean sanitizer explicitly whitelists the tag, causing the backend to...
CVE-2026-5562
Provectus Kafka-UI
CVE-2026-5533
The CVE-2026-5533 entry concerns badlogic pi-mono 0.58.4. The vulnerability affects the SVG Artifact Handler, specifically the SvgArtifact.ts file under packages/web-ui/src/tools/artifacts. It is caused by manipulation of an unknown function, leading to cross-site scripting. Remote exploitation i...
R Buffer Error Vulnerability
R is a statistical computing software developed by The R Foundation. Version 3.5.0 of R i386 contains a buffer overflow vulnerability. This vulnerability stems from a local buffer overflow in the GUI Preferences dialog box, which may allow local attackers to trigger the structured exception handl...
EUVD-2018-21758
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...
EUVD-2017-18960
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
PT-2026-30373
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the...
CVE-2026-34725
DbGate is a cross-platform database manager. From version 7.0.0 to before version 7.1.5, a stored XSS vulnerability exists in DbGate because attacker-controlled SVG icon strings are rendered as raw HTML without sanitization. In the web UI this allows script execution in another user's browser; in t...
CVE-2017-20235 ProSoft Technology ICX35-HWC Authentication Bypass
ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechani...
CVE-2017-20235
CVE-2017-20235 affects ProSoft Technology ICX35-HWC gateways (firmware version 1.3 and earlier). The issue is an authentication bypass in the web user interface that lets unauthenticated attackers access administrative functions and full device configuration without valid credentials. Affected co...
CVE-2026-1243
IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...
CVE-2026-3987
A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated system process. This issue affects Fireware OS 12.6.1 up to and including 12.11.8 and 2025.1 up to and...