
36 matches found

RedhatCVE
added 2026/03/07 7:59 a.m. | 3 views

CVE-2026-29048

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | AI score 5.6 | EPSS 0.0004
Exploits 0 | References 1

EUVD
added 2026/03/06 6:59 a.m. | 4 views

EUVD-2026-10014

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | AI score 5.6 | EPSS 0.0004
Exploits 0 | References 4

CVE
added 2026/03/06 6:59 a.m. | 4 views

CVE-2026-29048

HumHub (Open Source Enterprise Social Network) vulnerability CVE-2026-29048 affects HumHub 1.18.0 in the Button component, where inconsistent output encoding allows cross-site scripting. The CVSS 4.0 vector yields a base score of 6.9 (Medium) with network attack vector, low attack complexity, and...

CVSS 6.9 | AI score 5.7 | EPSS 0.0004
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2026/03/06 6:59 a.m. | 24 views

CVE-2026-29048 HumHub: XSS in Button component

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | EPSS 0.0004
Exploits 0 | References 4

OSV
added 2026/03/06 6:59 a.m. | 7 views

CVE-2026-29048 HumHub: XSS in Button component

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | AI score 5.5 | EPSS 0.0004
Exploits 0 | References 6

ATTACKERKB
added 2026/03/06 6:59 a.m. | 2 views

CVE-2026-29048

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identified in the Button component of version 1.18.0. Due to inconsistent output encoding at several points within the software, malicious scripts could be injected and executed in the...

CVSS 6.9 | AI score 5.6 | EPSS 0.0004
Exploits 0 | References 5

Positive Technologies
added 2026/03/06 12:0 a.m. | 4 views

PT-2026-23656

Name of the Vulnerable Software and Affected Versions HumHub version 1.18.0 Description HumHub is an Open Source Enterprise Social Network. A cross-site scripting issue exists in the Button component due to inconsistent output encoding. This allows for the injection and execution of malicious...

CVSS 6.9 | AI score 5.8 | EPSS 0.0004
Exploits 0 | References 9

RedHat Linux
added 2026/01/26 9:50 a.m. | 2 views

Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1

cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...

CVSS 8.9 | AI score 6.7 | EPSS 0.00032
Exploits 2 | References 5

RedHat Linux
added 2026/01/22 11:34 a.m. | 2 views

Important: Red Hat Security Advisory: cert-manager Operator for Red Hat OpenShift 1.18.1

cert-manager Operator for Red Hat OpenShift 1.18.1 The cert-manager Operator for Red Hat OpenShift builds on top of Kubernetes, introducing certificate authorities and certificates as first-class resource types in the Kubernetes API. This makes it possible to provide certificates-as-a-service to...

CVSS 8.9 | AI score 6.7 | EPSS 0.00032
Exploits 2 | References 7

RedhatCVE
added 2026/01/09 11:19 a.m. | 2 views

CVE-2021-22944

A vulnerability found in UniFi Protect application V1.18.1 and earlier allows a malicious actor with a view-only role and network access to gain the same privileges as the owner of the UniFi Protect application. This vulnerability is fixed in UniFi Protect application V1.19.0 and later...

CVSS 8 | AI score 7 | EPSS 0.0015
Exploits 0 | References 1

CVE
added 2025/12/13 3:20 a.m. | 8 views

CVE-2025-14056

CVE-2025-14056 concerns the WordPress plugin Custom Post Type UI. It is a Stored Cross-Site Scripting (XSS) via the 'label' parameter during import, affecting all versions up to 1.18.1. An authenticated attacker with Administrator-level access can inject scripts that execute on the Tools → Get Co...

CVSS 4.4 | AI score 4.8 | EPSS 0.00026
Exploits 0 | References 4

CNNVD
added 2025/12/13 12:0 a.m. | 2 views

WordPress plugin Custom Post Type UI cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site scripting...

CVSS 4.4 | AI score 5.7 | EPSS 0.00026
Exploits 0 | References 5

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-18802

Malware in sbrugna...

CVSS 4.3 | AI score 5 | EPSS 0.00203
Exploits 1 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-23157

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 7.4 | EPSS 0.00581
Exploits 0 | References 6

Tenable Nessus
added 2025/09/21 12:0 a.m. | 1 views

Fedora 43 : prometheus-podman-exporter (2025-7ed37510cc)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-7ed37510cc advisory. prometheus-podman-exporter v1.18.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.3 | AI score 7.6 | EPSS 0.00028
Exploits 0 | References 2

Tenable Nessus
added 2025/09/21 12:0 a.m. | 2 views

Fedora 42 : prometheus-podman-exporter (2025-89d6e0363e)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-89d6e0363e advisory. prometheus-podman-exporter v1.18.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.3 | AI score 7.6 | EPSS 0.00028
Exploits 0 | References 2

Tenable Nessus
added 2025/09/21 12:0 a.m. | 1 views

Fedora 41 : prometheus-podman-exporter (2025-5d38037ea1)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-5d38037ea1 advisory. prometheus-podman-exporter v1.18.1 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessu...

CVSS 5.3 | AI score 7.6 | EPSS 0.00028
Exploits 0 | References 2

OSV
added 2025/07/30 2:15 p.m. | 2 views

DEBIAN-CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | AI score 5.3 | EPSS 0.00581
Exploits 0 | References 1

NVD
added 2025/07/30 2:15 p.m. | 3 views

CVE-2025-54572

The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64...

CVSS 6.9 | EPSS 0.00581
Exploits 0 | References 5

OSV
added 2024/12/02 6:35 p.m. | 11 views

GHSA-P57H-3CMC-XPJQ Python package "zhmcclient" stores passwords in clear text in its HMC and API logs

Impact The Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs The 'ssc-master-pw' a...

CVSS 8.2 | AI score 8.2 | EPSS 0.00023
Exploits 0 | References 4