8374 matches found
CVE-2025-56535
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
JLSEC-2026-294
HDF5 through 1.14.3 contains a heap buffer overflow in H5Aattrreleasetable, resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
JLSEC-2026-328
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
JLSEC-2026-306
HDF5 Library through 1.14.3 may use an uninitialized value in H5Aattrreleasetable in H5Aint.c...
PT-2026-35942
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
CVE-2025-56535
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
CVE-2025-56535
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
CVE-2025-56535
OpenNebula 6.10.0.1 is affected by a cross-site scripting (XSS) vulnerability in the zone attribute parameter. The issue allows an attacker to render arbitrary web scripts or HTML in the victim’s browser. The available documents consistently describe the vulnerability as XSS in OpenNebula v6.10.0...
CVE-2025-56535
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
PT-2026-37135
Name of the Vulnerable Software and Affected Versions GoBGP versions prior to 4.4.0 Description A remote Denial of Service DoS issue exists due to a nil pointer dereference. When a malformed BGP UPDATE message contains an unrecognized Path Attribute marked as "Well-known," the daemon fails to...
CVE-2025-56535
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
OpenNebula 跨站脚本漏洞
OpenNebula is an open-source cloud computing platform developed by OpenNebula, used for managing heterogeneous distributed data center infrastructure. Version 6.10.0.1 of OpenNebula contains a cross-site scripting vulnerability. This vulnerability arises from injecting a specially crafted payload...
EUVD-2025-209588
A cross-site scripting XSS vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...
USN-8198-2: Tornado vulnerabilities
USN-8198-1 fixed vulnerabilities in Tornado. This update provides the corresponding updates for Ubuntu 26.04 LTS. Original advisory details: It was discovered that Tornado incorrectly handled parsing of large multipart request bodies. An attacker could possibly use this issue to cause a denial of...
JLSEC-2026-282
netCDF in GDAL 2.4.2 through 3.0.4 has a stack-based buffer overflow in nc4getatt called from nc4getatttc and ncgetatttext and in uffdcleanup called from netCDFDataset::netCDFDataset and netCDFDataset::netCDFDataset...
CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-4805
CVE-2026-4805 affects the WordPress Woostify theme (versions
CVE-2026-4805 Woostify <= 2.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Lity.js Library via data-lity Attribute in Custom HTML Block
The Woostify plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.0 This is due to insufficient input sanitization and output escaping in the bundled Lity.js lightbox library, where user-controlled input from the href attribute is concatenated...
CVE-2026-6551
The Timeline Blocks for Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titleTag' attribute of the timeline-blocks/tb-timeline-blocks block in all versions up to, and including, 1.1.10 due to insufficient input sanitization and output escaping on user supplied...
CVE-2026-6725
The WPC Smart Messages for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the wpcsmtextrotator shortcode in all versions up to, and including, 4.2.8. This is due to insufficient input sanitization and output escaping on user supplied...