23 matches found
CVE-2026-44009
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.2, This vulnerability is fixed in 3.11.2...
CVE-2026-44008
CVE-2026-44008 describes a vm2 sandbox escape in the Node.js vm2 library. Before version 3.11.2, the method neutralizeArraySpeciesBatch could interact with objects from the outside and, via a getter on Array.prototype, expose host objects to the sandbox, allowing an attacker to access the host Fu...
NPM: vm2 has Sandbox Breakout Through Null Proto Exception
NPM: vm2 has Sandbox Breakout Through Null Proto Exception vulnerability discovered by ? in WordPress Npm vm2 versions 3.11.2...
postfix-3.11.2-1.1 on GA media (moderate)
postfix-3.11.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10707-1 Rating: moderate Cross-References: CVE-2026-43964 CVSS scores: CVE-2026-43964 SUSE : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-43964 SUSE : 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N...
PT-2026-38524
These are all security issues fixed in the postfix-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2026:10607-1 golang-github-prometheus-prometheus-3.11.2-1.1 on GA media
These are all security issues fixed in the golang-github-prometheus-prometheus-3.11.2-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-40179
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting...
SUSE CVE-2026-40179
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...
CVE-2026-40179
CVE-2026-40179 is a stored XSS in Prometheus web UI. Versions 3.0–3.5.1 and 3.6.0–3.11.1 allow metric names/label values to be injected into innerHTML without escaping, affecting Mantine UI and the old React UI. Attackers who can influence metrics (via compromised scrape target, remote write, or ...
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer
Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of the Prometheus web UI where metric names and label values are injected into innerHTML without...
UBUNTU-CVE-2025-49655
Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...
EUVD-2021-32605
Malicious code in bioql PyPI...
CVE-2021-45889
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or...
WordPress Happy Addons for Elementor plugin <= 3.11.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via PDF View Widget vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via PDF View Widget vulnerability discovered by Webbernaut in WordPress Plugin Happy Addons for Elementor versions <= 3.11.2...
WordPress Happy Addons for Elementor Plugin <= 3.11.2 is vulnerable to Cross Site Scripting (XSS)
Software Happy Addons for Elementor Type Plugin Vulnerable versions <= 3.11.2 Fixed in 3.11.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6627 Patch priority Low CVSS severity Low 6.5 Developer Leevio PSID 0dee5f2221b3 Credits Webbernaut Required...
WordPress plugin Profile Builder data forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A data forgery issu...
SUSE CVE-2020-25626
A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious tags, leadin...
Dell SupportAssist for Home PCs Information Disclosure Vulnerability
Dell SupportAssist for Home PCs is a client application for home computers from Dell USA. The program provides automation, proactive and predictive techniques for troubleshooting and more. An information disclosure vulnerability exists in Dell SupportAssist for Home PCs version 3.11.2 and prior...
PT-2023-13367 · Dell · Dell Supportassist
Name of the Vulnerable Software and Affected Versions: Dell SupportAssist for Home PCs versions 3.11.2 and prior Description: The issue is related to an Overly Permissive Cross-domain Whitelist, which could allow an authenticated non-admin user to potentially exploit it and obtain sensitive...
WordPress plugin The Easy Appointments cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...