13 matches found
EUVD-2026-34165
Version 3.0.7 of the Securly Chrome Extension dynamically registers content13.min.js as a content script via chrome.scripting.registerContentScripts at runtime. This script is NOT declared in manifest.json and bypasses Chrome Web Store static security review. It runs on all URLs and immediately...
CVE-2026-40104 XWiki's REST APIs can list all pages/spaces, leading to unavailability
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Versions 1.8-rc-1, 17.0.0-rc-1 and 17.5.0-rc-1 and prior include a resource exhaustion vulnerability in REST API endpoints such as...
CVE-2025-61641
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiQueryAllPages.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2025-61641
CVE-2025-61641 affects Wikimedia Foundation MediaWiki, tied to program files includes/api/ApiQueryAllPages.Php and impacts MediaWiki versions before 1.39.14, 1.43.4, 1.44.1. Debian and OSV entries describe multiple issues (e.g., XSS, information disclosure, missing rate limiting, denial of servi...
UBUNTU-CVE-2025-71107
In the Linux kernel, the following vulnerability has been resolved: f2fs: ensure node page reads complete before f2fs_put_super() finishes. Xfstests generic/335, generic/336 sometimes crash with the following message: F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: ...
PT-2025-46952
Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 (QuickCMS affected versions not specified). Description: QuickCMS is susceptible to multiple Stored Cross-Site Scripting (XSS) issues within the language editor functionality, specifically in the 'languages' section. An attacker...
Stored Cross-Site Scripting (XSS)
Liferay Portal is vulnerable to Stored Cross-Site Scripting (XSS). The vulnerability is due to improper input validation in the Instance Configuration’s CDN Host HTTP and CDN Host HTTPS text fields, which allows an authenticated instance administrator to inject arbitrary web scripts or HTML into al...
MISP security vulnerability
MISP is an open source software solution from MISP Open Source. The product is used to collect, store, distribute, and share cybersecurity metrics and has features such as threat cybersecurity event analysis and malware analysis. A security vulnerability exists in MISP versions prior to 2.4.193...
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a denial of service condition.
...
AZL-8671 CVE-2021-3930 affecting package qemu for versions less than 6.2.0-2
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...
QEMU: off-by-one error in mode_sense_page() in hw/scsi/scsi-disk.c
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU, resulting in a denial of service conditio...