100 matches found
CVE-2026-44898 Mistune TOC Anchor Injection XSS
Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.2.1, render_toc_ul builds a table-of-contents tree from a list of (level, id, text) tuples. Both the id value used as href="" and the text value used as the visible link label are inserted into tags via a plain Python format...
semantic-compressor
Semantic Compressor Store the recipe of a database, not...
container: pf Rule Injection via Domain Name Argument in `container system dns create --localhost` Command
Product Name: container. GitHub Link: https://github.com/apple/container. Version: = 0.12.2. Summary: The `container system dns create --localhost` command accepts a `domainName` argument and passes it unsanitized into the pf anchor file `/etc/pf.anchors/com.apple.container` as a comment in a rule line. A...
ALPINE-CVE-2026-28387
Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...
[SECURITY] Fedora 44 Update: rust-openssl-probe-0.2.1-1.fc44
A library for helping to find system-wide trust anchor "root" certificate locations based on paths typically used by openssl...
CVE-2026-23920
Host and event action script input is validated with a regex set by the administrator, but the validation runs in multiline mode. If ^ and $ anchors are used in user input validation, an injected newline lets authenticated users bypass the check and inject shell commands...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to the improper sanitization of HTML anchor tags in the comment and issue description functionality. An attacker can execute arbitrary JavaScript in the context of another user by injecting malicious links...
SUSE-SU-2026:20652-1 Security update for ca-certificates-mozilla
This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.84 state of Mozilla SSL root CAs bsc1258002 - Removed: - Baltimore CyberTrust Root - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public...
CVE-2026-27474
CVE-2026-27474 affects SPIP prior to 4.4.9, where the private area is vulnerable to Cross-Site Scripting due to incomplete application of the echappe_anti_xss() filter to input, form, button, and anchor tags. The issue compounds an incomplete fix from SPIP 4.4.8 and is not mitigated by the securi...
CVE-2025-71249
This CVE entry is rejected/not used and does not represent an active vulnerability entry.
SPIP Security Vulnerability
SPIP is open-source software developed by SPIP for creating Internet websites. Versions of SPIP prior to 4.4.9 contained a security vulnerability. This vulnerability stemmed from the echappe_anti_xss function not being applied systematically to HTML tags such as input fields, forms, buttons, and...
QCL-IDS: Quantum Continual Learning for Intrusion Detection with Fidelity-Anchored Stability and Generative Replay
Continual intrusion detection must absorb newly emerging attack stages while retaining legacy detection capability under strict operational constraints, including bounded compute and qubit budgets and privacy rules that preclude long-term storage of raw telemetry. We propose QCL-IDS, a...
MiracleLinux 4 : bind-9.7.3-8.P3.AXS4.2 (AXSA:2012-15:01)
"The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-15:01 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names t...
MiracleLinux 4 : bind-9.8.2-0.10.rc1.AXS4 (AXSA:2012-801:02)
"The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-801:02 advisory. BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves ho...
EUVD-2025-198873
Malicious code in @ensdomains/dnssec-oracle-anchors npm...
Malicious code in @ensdomains/dnssec-oracle-anchors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b164c0fb4c77df7a6c083be92efc82f833aaa660d50fbb1a0eea26b2388c65a6 The package @ensdomains/dnssec-oracle-anchors was found to contain malicious code. Source: ghsa-malware...
@ansdomain/react-ans-address (>=0.0.31 <=0.0.32), @ansdomain/ui (>=3.8.0 <=3.8.771) +64 more potentially affected by unknown CVE via @ensdomains/dnssec-oracle-anchors (=0.0.1)
@ensdomains/dnssec-oracle-anchors NPM version =0.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ensdomains/dnssec-oracle-anchors and may be impacted: - @ansdomain/react-ans-address =0.0.31, =3.8.0, =2.1.7, =3.4.2, =0.0.1, =3.4.5, =2.0.33, =0.0.22...
MAL-2025-190804 Malicious code in @ensdomains/dnssec-oracle-anchors (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b164c0fb4c77df7a6c083be92efc82f833aaa660d50fbb1a0eea26b2388c65a6 The package @ensdomains/dnssec-oracle-anchors was found to contain malicious code. Source: ghsa-malware...
Mozilla Firefox < 57.0.1
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 57.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2017-27 advisory. - When Private Browsing mode is used, it is possible for a web worker to write persistent data to IndexedDB a...
VEIL: Jailbreaking Text-To-Video Models Via Visual Exploitation from Implicit Language
Jailbreak attacks can circumvent model safety guardrails and reveal critical blind spots. Prior attacks on text-to-video (T2V) models typically add adversarial perturbations to obviously unsafe prompts, which are often easy to detect and defend. In contrast, we show that benign-looking prompts...