570 matches found
Cross-site scripting (XSS) via script break-out in toScript() output
What's Changed Escape HTML tags in toScript output to prevent script break-out by @freekmurze in https://github.com/spatie/schema-org/pull/242 Values containing passed as schema properties could break out of the generated block and execute injected HTML when the value was attacker-controlled...
CVE-2026-6224 nocobase plugin-workflow-javascript Vm.js createSafeConsole sandbox
A security flaw has been discovered in nocobase plugin-workflow-javascript up to 2.0.23. This issue affects the function createSafeConsole of the file packages/plugins/@nocobase/plugin-workflow-javascript/src/server/Vm.js. Performing a manipulation results in sandbox issue. The attack can be...
Security Bulletin: DevOps Test Performance contains a vulnerability related to use of the jsdiff JavaScript library
Summary Due to use of the jsdiff JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential denial of service DoS vulnerability. Vulnerability Details CVEID:CVE-2026-24001 DESCRIPTION: jsdiff is a JavaScript text differencing implementation. Prior to versions...
SUSE CVE-2025-59028
When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes hea...
PT-2026-28187
Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3 Description An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...
CVE-2026-3580
In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...
Security Bulletin: IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec (CVE-2025-67735)
Summary IBM SPSS Analytic Server is affected by CRLF injection vulnerability in Netty Codec CVE-2025-67735. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions...
libsoup 安全漏洞
Libsoup is a GNOME project’s HTTP client/server library. Libsoup has a security vulnerability, which stems from improper input cleaning in the soupmessageheaderssetcontenttype function. This vulnerability could allow attackers to inject CRLF sequences by controlling the value of the Content-Type...
EUVD-2025-208410
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...
CVE-2025-15576
If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this...
CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...
PT-2026-23409
Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 SP5 Description An Improper Access Control issue exists in the kernel of SUSE Linux Enterprise Server 12 SP5, impacting nftables functionality. This prevents firewall rules applied through nftables from...
SUSE CVE-2026-25702
A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective.This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before...
CVE-2026-27458
LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...
CVE-2026-0490
SAP BusinessObjects BI Platform allows an unauthenticated attacker to craft a specific network request to the trusted endpoint that breaks the authentication, which prevents the legitimate users from accessing the platform. As a result, it has a high impact on the availability but no impact on th...
CVE-2026-23686 CRLF Injection vulnerability in SAP NetWeaver Application Server Java
Due to a CRLF Injection vulnerability in SAP NetWeaver Application Server Java, an authenticated attacker with administrative access could submit specially crafted content to the application. If processed by the application, this content enables injection of untrusted entries into generated...
Shor's Harvest Now Decrypt Later
This plugin reports network services that may be vulnerable now to a future attack by adversaries using a cryptographically relevant quantum computer CRQC. Shor's is a theoretical algorithm that leverages the unique ability of quantum computation to do massively parallel calculations developed by...
[SECURITY] [DSA 6119-1] openjdk-25 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6119-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 05, 2026 https://www.debian.org/security/faq -...
EUVD-2026-4872
NocoDB is software for building databases as spreadsheets. Prior to version 0.301.0, an authenticated user with org-level-creator permissions can exploit prototype pollution in the /api/v2/meta/connection/test endpoint, causing all database write operations to fail application-wide until server...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fixed a potential use-after-free issue in oplock/lease break ack. If there is an error returning from ksmbdiovpinrsp, a use-after-free may occur by accessing opinfo-state and opinfoput. Additionally, ksmbdfdput might be...