EUVD-2026-32563

Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does not verify the message arrived on the SCTP association bound to that UE's logical NG-connection,...

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

CVE-2025-8362

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Drupal GoogleTag Manager allows Cross-Site Scripting XSS.This issue affects GoogleTag Manager: from 0.0.0 before 1.10.0...

Drupal GoogleTag Manager module < 1.10.0 - Authenticated Cross Site Scripting (XSS) vulnerability

Authenticated Cross Site Scripting XSS vulnerability discovered by Pierre Rudloff prudloff in WordPress Module GoogleTag Manager versions 1.10.0...

CVE-2025-31694

Incorrect Authorization vulnerability in Drupal Two-factor Authentication TFA allows Forceful Browsing.This issue affects Two-factor Authentication TFA: from 0.0.0 before 1.10.0...

CVE-2022-32513

A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain control of the device when the attacker brute forces the password. Affected Products: C-Bus Network Automation Controller - LSS5500NAC Versions prior to V1.10.0, Wiser for C-Bus Automation Controller -...

DEBIAN-CVE-2020-9359

KDE Okular before 1.10.0 allows code execution via an action link in a PDF document...

Catalyst Mahara Cross-Site Scripting Vulnerability (CNVD-2017-36225)

Catalyst Mahara is a social networking system from Catalyst IT in New Zealand. The system includes a blog, resume builder, file manager, and more. A cross-site scripting vulnerability exists in Catalyst Mahara versions 1.10 before 1.10.0 and 15.04 before 15.04.0. A remote attacker could exploit...

jquery-ui: XSS vulnerability in default content in Tooltip widget

Cross-site scripting XSS vulnerability in the default content option in jquery.ui.tooltip.js in the Tooltip widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title attribute, which is not properly handled in the autocomplete combo box demo...

UBUNTU-CVE-2010-5312

Cross-site scripting XSS vulnerability in jquery.ui.dialog.js in the Dialog widget in jQuery UI before 1.10.0 allows remote attackers to inject arbitrary web script or HTML via the title option...