CVE-2026-2311

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-2311

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-3346

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

PT-2026-36188

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.6.0 through 1.8.4 Description Stored cross-site scripting occurs when an authenticated user embeds arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the...

GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

Juniper Junos OS Vulnerability (JSA100078)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100078 advisory. - An Improper Access Control vulnerability in the User Interface UI of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading...

Juniper Junos OS Vulnerability (JSA96464)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96464 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local,...

EUVD-2026-26111

OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...

CVE-2026-30351

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...

CVE-2026-5938

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

EUVD-2026-25824

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

CVE-2026-5938

CVE-2026-5938 affects Foxit PDF Editor/Reader. A crafted document action chain can trigger improper control flow, causing modal dialogs to reenter on the main thread and leading to a UI freeze/denial of service. The description indicates an infinite loop-like behavior related to the dialog handli...

CVE-2026-5938 Foxit PDF Editor/Reader Infinite Loop Denial-of-Service Vulnerability

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

CVE-2026-5940

Summary of CVE-2026-5940 : Foxit PDF Editor/Reader contains a use-after-free vulnerability in the annotation flow. The issue arises when a function triggers a UI refresh after removing comments via a script, which may access an invalidated object and cause a crash. The CVE record cites a CVSS v3....

EUVD-2026-25826

Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes...

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader and Foxit PDF Editor are products of Foxit Corporation, a Chinese company. Foxit PDF Reader is a PDF reader. Foxit PDF Editor is a PDF editor. Both Foxit PDF Editor and Foxit PDF Reader have security vulnerabilities. These vulnerabilities stem from improper control flow managemen...

AutoForge 路径遍历漏洞

AutoForge is an intelligent coding proxy tool open source by AutoForgeAI. Version 79d02a of AutoForge contains a path traversal vulnerability, which stems from path traversal in UI/static components. This vulnerability could allow attackers to access arbitrary files...

PT-2026-35400

Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service...

PT-2026-35439

A path traversal vulnerability in the UI/static component of leonvanzyl autocoder commit 79d02a allows attackers to read arbitrary files via sending crafted URL path containing traversal sequences...