3306 matches found
Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection
Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...
Important: Red Hat Security Advisory: skopeo security update
An update for skopeo is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
Linux Distros Unpatched Vulnerability : CVE-2026-7532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certifica...
EUVD-2026-31686
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry...
CVE-2026-7532
iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...
CVE-2026-7532
iPAddress name constraints bypass when WOLFSSLIPALTNAME is not defined. IP address name constraints are not enforced in that configuration, allowing a certificate to bypass an issuing CA's IP address constraints...
CVE-2026-54025
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...
CVE-2026-54025 LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...
CVE-2026-54025
LibreChat suffers a stored XSS in its Markdown artifact preview prior to version 0.8.4-rc1. The vulnerability arises because lib re uses marked v15.0.12 to render image alt text without HTML-escaping double quotes when the custom image renderer defers to the default renderer. LibreChat’s generate...
EUVD-2026-39463
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls throu...
PT-2026-52491
Name of the Vulnerable Software and Affected Versions LibreChat versions prior to 0.8.4-rc1 Description A flaw exists in the markdown artifact preview pipeline. The generateMarkdownHtml function located in client/src/utils/markdown.ts utilizes a custom image renderer that triggers a fallback to t...
PT-2026-52623
Name of the Vulnerable Software and Affected Versions wolfSSL affected versions not specified Description A configuration issue occurs when WOLFSSL IP ALT NAME is not defined, leading to a bypass of iPAddress name constraints. In this state, the software fails to enforce IP address constraints se...
CVE-2026-11997
The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...
EUVD-2026-38688
The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...
CVE-2026-11997 Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update
The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...
CVE-2026-11997
CVE-2026-11997 affects the WordPress plugin Bulk SEO Image
PT-2026-51670
Name of the Vulnerable Software and Affected Versions Bulk SEO Image versions prior to 1.2 Description The Bulk SEO Image plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settings page handler BulkSeoImage lacks proper nonce validation—a security token used t...
CVE-2026-5428
The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This is due to insufficient output escaping in the renderpostthumbnail function, where wpksespost is...
UBUNTU-CVE-2026-41159
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...