Astra Linux - уязвимость в firefox, thunderbird, expat

nextScaffoldPart in xmlparse.c in Expat aka libexpat before 2.4.3 has an integer overflow...

EUVD-2026-25932

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...

PT-2026-35536

A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function read null terminated string of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.file name leads to path...

SUSE SLES16 Security Update : dovecot24 (SUSE-SU-2026:21208-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:21208-1 advisory. - Update to v2.4.3 - CVE-2025-59028: Invalid base64 authentication can cause DoS for other logins bsc1260894. - CVE-2025-59031:...

CVE-2026-25355

The CVE affects WordPress Sanzo theme versions prior to 2.4.3. Root cause: improper neutralization of input during web page generation, enabling stored cross-site scripting (XSS) in Sanzo pages. Impact is characterized as stored XSS with a CVSS v3.1 base score of 6.5 (MEDIUM): network attack comp...

PT-2026-27916

Name of the Vulnerable Software and Affected Versions skygroup Sanzo versions prior to 2.4.3 Description The software contains a flaw due to improper handling of user-supplied data when creating web pages, leading to a potential cross-site scripting XSS issue. Specifically, the vulnerability allo...

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

CVE-2026-27458 LinkAce: Stored XSS in Atom Feed via CDATA Escape in List Description

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

CVE-2026-25804

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies wi...

CVE-2026-25804

Antrea is a Kubernetes networking solution intended to be Kubernetes native. Prior to versions 2.3.2 and 2.4.3, Antrea's network policy priority assignment system has a uint16 arithmetic overflow bug that causes incorrect OpenFlow priority calculations when handling a large numbers of policies wi...

CVE-2026-1520

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be use...

CVE-2026-1520

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be use...

CVE-2025-67964

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through = 2.4.3...

CVE-2026-24379

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...

CVE-2026-24379 WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through = 2.4.3...

CVE-2025-67964 WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in favethemes Homey Core homey-core allows Reflected XSS.This issue affects Homey Core: from n/a through = 2.4.3...

WordPress Homey Core plugin <= 2.4.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Homey Core versions = 2.4.3...

CVE-2023-4321

Cross-site Scripting XSS - Stored in GitHub repository cockpit-hq/cockpit prior to 2.4.3...

CVE-2025-67965

Missing Authorization vulnerability in favethemes Homey Core homey-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Homey Core: from n/a through = 2.4.3...