GHSA-GCFJ-CF7J-VWGJ CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via System Settings – Social Media Management Same-Page Attribute Breakout & Persistent Payload Injection - Stored Cross-site Scripting via Unsanitized Social Media Configuration Fields with Immediate Same-Page Execution Description The application fails to...

EUVD-2026-18068

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

CVE-2026-4820

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to th...

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute vulnerability

WordPress WP Shortcodes Plugin - Shortcodes Ultimate plugin = 7.4.10 - Authenticated Contributor+ Stored Cross-Site Scripting via 'maxwidth' Shortcode Attribute vulnerability discovered by Michael Iden Mickhat - Hack The Box in WordPress Plugin Shortcodes Ultimate versions = 7.4.10...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...

SiYuan Desktop: Stored XSS in imported .sy.zip content leads to arbitrary command execution

Summary A vulnerability allows crafted block attribute values to bypass server-side attribute escaping when an HTML entity is mixed with raw special characters. An attacker can embed a malicious IAL value inside a .sy document, package it as a .sy.zip, and have the victim import it through the...

Amazon Linux 2023 : bpftool6.18, kernel6.18, kernel6.18-devel (ALAS2023-2026-1515)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1515 advisory. In the Linux kernel, the following vulnerability has been resolved: audit: add fchmodat2 to change attributes class CVE-2025-71239 In the Linux kernel, the following vulnerability has been...

GHSA-RX4H-526Q-4458 SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client

Summary An attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary https URLs without extensions as images, stores the...

SiYuan: Stored XSS in Attribute View Gallery/Kanban Cover Rendering Allows Arbitrary Command Execution in Desktop Client

Summary An attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary https URLs without extensions as images, stores the...

CVE-2026-2480

CVE-2026-2480 affects the WordPress WP Shortcodes Plugin — Shortcodes Ultimate up to version 7.4.10. The vulnerability is a Stored Cross-Site Scripting (XSS) in the su_box shortcode via the max_width attribute, caused by insufficient input sanitization and output escaping on user-supplied attribu...

CVE-2026-2480 WP Shortcodes Plugin — Shortcodes Ultimate <= 7.4.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'max_width' Shortcode Attribute

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'maxwidth' attribute of the subox shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attributes...

SUSE-SU-2026:1162-1 Security update for python-tornado

This update for python-tornado fixes the following issues: - CVE-2025-67724: missing validation of the supplied reason phrase bsc1254903. - CVE-2025-67725: Denial of Service DoS via maliciously crafted HTTP request caused by the HTTPHeaders.add method bsc1254905. - CVE-2026-31958: parsing large...

CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

EUVD-2026-17675

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

CVE-2026-34448 SiYuan: Stored XSS in Attribute View gallery/kanban cover rendering allows arbitrary command execution in the desktop client

SiYuan is a personal knowledge management system. Prior to version 3.6.2, an attacker who can place a malicious URL in an Attribute View mAsse field can trigger stored XSS when a victim opens the Gallery or Kanban view with “Cover From - Asset Field” enabled. The vulnerable code accepts arbitrary...

CVE-2026-34405

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

EUVD-2026-17670

Nuxt OG Image generates OG Images with Vue templates in Nuxt. Prior to version 6.2.5, the image‑generation component by the URI: /og/d/ and, in older versions, /og-image/ contains a vulnerability that allows injection of arbitrary attributes into the HTML page body. This issue has been patched in...

PT-2026-29403

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'max width' attribute of the su box shortcode in all versions up to, and including, 7.4.10 due to insufficient input sanitization and output escaping on user supplied attribute...