GHSA-FQ4F-4738-RQXM Rucio WebUI has a Stored Cross-site Scripting (XSS) Vulnerability in its Custom RSE Attribute
Summary: A stored Cross-site Scripting (XSS) vulnerability was identified in the Custom RSE Attribute of the WebUI where attacker-controlled input is persisted by the backend and later rendered in the WebUI without proper output encoding. This allows arbitrary JavaScript execution in the context of...
CVE-2026-1437
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
CVE-2026-1437
Graylog Web Interface console 2.2.3 contains a reflected XSS flaw due to insufficient sanitization/escaping of HTML output. Several endpoints may echo parts of the URL in responses, enabling arbitrary JavaScript execution when a user visits a crafted URL. The vulnerability could allow script exec...
Splunk Enterprise 9.2.0 < 9.2.12, 9.3.0 < 9.3.9, 9.4.0 < 9.4.8, 10.0.0 < 10.0.2 (SVD-2026-0204)
The version of Splunk installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the SVD-2026-0204 advisory. - In Splunk Enterprise versions below 10.2.0, 10.0.2, 9.4.8, 9.3.9, and 9.2.12, and Splunk Cloud Platform versions below...
PT-2026-20393
Reflected Cross-Site Scripting (XSS) vulnerability in the Graylog Web Interface console, version 2.2.3, caused by a lack of proper sanitization and escaping in HTML output. Several endpoints include segments of the URL directly in the response without applying output encoding, allowing an attacker ...
PT-2026-20470
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.2.0; Splunk Enterprise versions 10.0.2 through 10.0.2; Splunk Enterprise versions 9.2.12 through 9.4.8; Splunk Enterprise versions 9.3.9; Splunk Cloud Platform versions prior to 10.2.2510.3; Splunk Cloud...
EUVD-2020-19064
Malware in sbrugna...
CVE-2020-13386
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate Local and SDMsgUpdate TE. The scheduled...
UBUNTU-CVE-2015-5292
Memory leak in the Privilege Attribute Certificate (PAC) responder plugin sssdpacplugin.so in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause a denial of service (memory consumption) via a large number of logins that trigger parsing of PAC blobs duri...