CVE-2026-2054

A security flaw has been discovered in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. Impacted is an unknown function of the component Wifi Setting Handler. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit has been released to the publi...

WordPress Form Maker by 10Web plugin <= 1.15.35 - Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability

Unauthenticated Stored Cross-Site Scripting via SVG file vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin Form Maker by 10Web versions = 1.15.35...

PT-2026-6783

Name of the Vulnerable Software and Affected Versions HedgeDoc versions prior to 1.10.6 Description HedgeDoc is a real-time, collaborative, markdown notes application. Versions before 1.10.6 had a permissive Content-Security-Policy for files served under the /uploads/ endpoint. This allowed for t...

CVE-2025-41085

Stored Cross-Site Scripting XSS vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the comment field in song metadata. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious content into this field. Details Cross-site scripting or XSS is a...

CVE-2019-25271

NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations...

Winter CMS has Stored Cross-site Scripting (XSS) in Asset Manager

Impact Affected versions of Winter CMS allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manageasset...

CVE-2019-25264

Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...

CVE-2026-23107

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's svestate before setting TIFSME. Consequently, restoring a ZA context can place a task into an...

UBUNTU-CVE-2026-23102

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds...

CVE-2026-23102

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds...

CVE-2026-23102 arm64/fpsimd: signal: Fix restoration of SVE context

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds...

CVE-2026-1065

The Form Maker by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.15.35. This is due to the plugin's default file upload allowlist including SVG files combined with weak substring-based extension validation. This makes it possible fo...

CVE-2025-41085

Stored Cross-Site Scripting XSS vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...

CVE-2025-41085

Stored Cross-Site Scripting XSS vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files by sending a POST request to '/api/v1/user-avatar', which are then stored on the server and execute...

CVE-2025-41085

Summary : CVE-2025-41085 is a stored XSS in Apidog 2.7.15 due to improper sanitization of SVG uploads. An attacker can exploit by posting an SVG image to the endpoints exposed by the API (/api/v1/user-avatar), resulting in scripts being stored on the server and executed when a user accesses the c...

CVE-2025-61657

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...

CVE-2025-6596

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js. This issue affects Vecto...

Cisco Secure Web Appliance 安全漏洞

Cisco Secure Web Appliance is an application developed by the American company Cisco. It is used to protect websites. There is a security vulnerability in Cisco Secure Web Appliance, which stems from the dynamic vector and stream engine’s improper handling of certain archive files. This...

PT-2026-6448

Impact Affected versions of Winter CMS allow users with access to the CMS Asset Manager were able to upload SVGs without automatic sanitization. To actively exploit this security issue, an attacker would need access to the Backend with a user account with the following permission: cms.manage asse...