1071 matches found
CVE-2026-4317
SQL inyection SQLi vulnerability in Umami Software web application through an improperly sanitized parameter, which could allow an authenticated attacker to execute arbitrary SQL commands in the database.Specifically, they could manipulate the value of the 'timezone' request parameter by includin...
CVE-2026-4317
CVE-2026-4317 describes an SQL injection in the Umami Software web application where an improperly sanitized timezone parameter is interpolated directly into SQL queries (potentially via prisma.rawQuery/prisma.$queryRawUnsafe or raw queries with ClickHouse). This authenticated-access vulnerabilit...
EUVD-2026-15485
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...
CVE-2026-20719
Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to prevent rendering of external SVGs on link embeds which allows unauthenticated users to crash the Mattermost webapp and desktop app via creating an issue or PR on GitHub.. Mattermost Advisory ID:...
PT-2026-27810
Name of the Vulnerable Software and Affected Versions Mattermost versions 11.4.0 and earlier Mattermost versions 11.3.1 and earlier Mattermost versions 11.2.3 and earlier Mattermost versions 10.11.11 and earlier Description The software does not properly prevent the rendering of external Scalable...
Malicious code in fancode-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...
Malicious Package
Overview fancode-web-app is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-2130 Malicious code in fancode-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6e56c163153700b6fef7090e078a98b7c2403088e5c5f487344dc419af8adaa7 The package fancode-web-app was found to contain malicious code. Source: ghsa-malware a933e6c673f3cf2c4cb0e768570b64dcf627ac59e6b29c2e9afd5a5fb3d4396...
FriendlyDealer mimics official app stores to push unvetted gambling apps
We’ve identified a huge social-engineering campaign designed to steer people into online gambling sites under the impression they’re installing a legitimate app. We’re calling it FriendlyDealer. It’s been observed across at least 1,500 domains, each hosting a website that impersonates the Google...
web-app-security-project
🛡️ Web Application Security Project 📌 Overview This projec...
Malicious code in proleis-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...
MAL-2026-1825 Malicious code in proleis-web-app (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector afd065de5d26ebde43c9fef2003ea3ffbc21bfa47120965cf1c6a893da876d33 The package proleis-web-app was found to contain malicious code...
CVE-2026-3023
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/pets/print-tags'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose of injecting NoSQL commands,...
PT-2026-25671
Non-relational SQL injection vulnerability NoSQLi in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/hospitalization/generate-hospitalization-summary'. This vulnerability could allow an authenticated user to alter a POST request to the affected endpoint for the purpose o...
PT-2026-25673
Stored Cross-Site Scripting XSS vulnerability in the Wakyma web application, specifically in the endpoint 'vets.wakyma.com/configuracion/agenda/modelo-formulario-evento'. A user with permission to create personalized accounts could exploit this vulnerability simply by creating a malicious survey...
Chromium: CVE-2026-3935 Incorrect security UI in WebAppInstalls
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
SUSE CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3935
CVE-2026-3935 affects Google Chrome/Chromium on multiple platforms due to an incorrect security UI in WebAppInstalls, enabling UI spoofing via a crafted HTML page. Affected versions before 146.0.7680.71 (Chrome/Chromium upstream) are susceptible; fixes are delivered in Chromium 146.0.7680.71 and ...
CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-3935
Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...