297 matches found
CVE-2026-6371 Stored XSS in Limatek's LimRAD NAC
Improper neutralization of input during web page generation 'cross-site scripting' vulnerability in Limatek System Inc. LimRAD NAC allows Stored XSS. This issue affects LimRAD NAC: through 08072026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2026-31583
creationtimestamp| type| source ---|---|--- 2026-07-02 05:48:33+00:00| seen| https://www.hkcert.org/security-bulletin/ubuntu-linux-kernel-multiple-vulnerabilities20260702 2026-07-06 05:50:35+00:00| seen| https://www.hkcert.org/security-bulletin/debian-linux-kernel-multiple-vulnerabilities20260706...
CVE-2026-8857
A vulnerability in Wikimedia Foundation timeline. This vulnerability is associated with program files scripts/EasyTimeline.Pl, includes/Timeline.Php. This issue affects timeline: from before 1.46.0, 1.45.4, 1.44.6, 1.43.9...
PT-2026-53654
Name of the Vulnerable Software and Affected Versions Gigamon GVOS versions prior to 5.16.2 Description The GVOS H-VUE subsystem contains a directory traversal flaw, which allows an attacker to access files and directories outside the intended folder. Recommendations Update Gigamon GVOS to versio...
CVE-2026-47267
creationtimestamp| type| source ---|---|--- 2026-06-19 02:22:31+00:00| published-proof-of-concept| https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g...
SUSE CVE-2026-46559
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, an incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options. This issue has been patched in versions...
BELL-CVE-2026-46314
Bulletin has no description...
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Overview Vulnerability has been found in Cosminexus HTTP Server and Hitachi Web Server. CVE-2025-65082 This vulnerability will not occur if CGI is not used. Impact Regarding the impact of the vulnerability, please refer to the vendor advisory. Solution Please refer to the 'Vendor Information'...
CVE-2026-11669
creationtimestamp| type| source ---|---|--- 2026-06-08 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/google-chrome-multiple-vulnerabilities20260609 2026-06-15 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/microsoft-edge-multiple-vulnerabilities20260616...
PT-2026-47321
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.0 through 2.4.67 Description An out-of-bounds read occurs when using mod headers and mod mime in conjunction with multiple response languages. An out-of-bounds read is a condition where a program reads data past...
CVE-2026-11032
An insufficient data validation flaw was found in the Password Manager component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497831111...
@accounter/client (>=0.0.3 <=0.0.12-alpha-20260427054851-6925deba4595cf0c72d3875df0a094608b394a27), @appigram/react-code-split-ssr (=1.3.7) +130 more potentially affected by CVE-2026-42211 via react-router (>=7.0.0 <=7.14.1)
react-router NPM version =7.0.0, =0.0.3, =0.0.2, =3.5.2, =1.1.0, =1.0.1-MON-198808-web-js-deps-batch-1.0, =0.0.1, =3.4.9, =0.1.9, =1.27.1, =1.27.1, =0.3.1, =0.5.1 and more Source cves: CVE-2026-42211 Source advisory: OSV:GHSA-49RJ-9FVP-4H2H...
@aamini/config (>=0.0.1 <=0.0.13), @baic/preset-yolk-taro-miniprogram (>=2.1.0-alpha.278 <=2.1.0-alpha.281) +9 more potentially affected by CVE-2026-47428 via @vitest/browser (>=4.0.17 <=4.1.5)
@vitest/browser NPM version =4.0.17, =0.0.1, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =2.1.0-alpha.278, =4.0.2, =4.0.2, =4.0.2, =0.5.0, =0.1.13, =0.2.2 Source cves: CVE-2026-47428 Source advisory: SNYK:JS-VITESTBROWSER-17120486...
CVE-2026-10204 OFCMS JSON Query SysUserController.java query sql injection
A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...
Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867
Summary Security Bulletin: IBM Maximo Application Suite - Monitor Component uses path-to-regexp-0.1.12.tgz which is vulnerable to CVE-2026-4867.This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2026-4867 DESCRIPTION: Impact: A bad regular expression ...
GHSA-49PV-JM6V-MV97 vulnerabilities
Vulnerabilities for packages: chromium...
GHSA-6W53-H492-P28F vulnerabilities
Vulnerabilities for packages: chromium...
io.github.davidalmeidac:sealed-env-spring-boot-starter (>=0.1.0-alpha.1 <=0.1.0-alpha.3) potentially affected by CVE-2026-45091 via io.github.davidalmeidac:sealed-env-core (>=0.1.0-alpha.1 <=0.1.0-alpha.3)
io.github.davidalmeidac:sealed-env-core MAVEN version =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3 Source cves: CVE-2026-45091 Source advisory: OSV:GHSA-X3R2-FJ3R-G5MV...
ai.new-wave:spring-agent-app (>=0.1.0 <=0.3.0), ai.new-wave:spring-agent-core (>=0.1.0 <=0.3.0) +3625 more potentially affected by CVE-2026-42583 via io.netty:netty-codec-compression (>=4.2.0.Alpha3 <=4.2.12.Final)
io.netty:netty-codec-compression MAVEN version =4.2.0.Alpha3, =0.1.0, =0.1.0, =4.7.4, =4.7.4, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =4.7.3, =26.3.0, =26.3.0, =26.3.0, =26.3.2 and more Source cves: CVE-2026-42583 Source advisory: OSV:GHSA-MJ4R-2HFC-F8P6...
CVE-2025-63704
NPM package query-parser-string 1.0.0 is vulnerable to Prototype Pollution. The package does not properly sanitize user supplied query parameters and merges them to the newly created object...