
711 matches found

OSV
added 2026/05/20 3:55 p.m. | 2 views

MINI-CFRP-M7V5-XJ48

Bulletin has no description...

5.7 AI score
Exploits 0
IBM Security Bulletins
added 2026/05/14 5:14 a.m. | 8 views

Security Bulletin: Carbon chart DOMPurify XSS Vulnerabilities (CVE-2026-41238, CVE-2026-41239, CVE-2026-41240)

Summary: Three cross-site scripting (XSS) vulnerabilities (CVE-2026-41238, CVE-2026-41239, and CVE-2026-41240) were identified in the DOMPurify library versions 3.0.1 through 3.3.3. These vulnerabilities allow attackers to bypass sanitization through prototype pollution exploitation, template expressi...

6.9 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/05/08 5:12 p.m. | 6 views

Security Bulletin: @carbon/ai-chat is vulnerable to XSS if Object.prototype has been compromised in assistant provided content due to DOMPurify (CVE-2026-41238 CVE-2026-41239 CVE-2026-41240)

Summary: DOMPurify trusts Object.prototype for security-critical config, which violates the principle that a sanitizer should be robust against a hostile global environment. If Object.prototype has been compromised, DOMPurify may not sanitize HTML properly. Vulnerability Details...

6.9 CVSS | 5.8 AI score | 0.00059 EPSS
Exploits 1 | Affected Software 1
IBM Security Bulletins
added 2026/04/27 7:14 a.m. | 3 views

Security Bulletin: Carbon Charts React Router Security Vulnerabilities

Summary: Carbon Charts versions prior to v1.27.8 include a vulnerable version of React Router that is susceptible to five security vulnerabilities (CVE-2025-59057, CVE-2025-68470, CVE-2026-21884, CVE-2026-22029, CVE-2026-22030) with severity ranging from Medium to High (CVSS 6.1 to 8.2). These...

8.2 CVSS | 5.9 AI score | 0.00048 EPSS
Exploits 0 | Affected Software 1
IBM Security Bulletins
added 2026/04/27 7:10 a.m. | 5 views

Security Bulletin: Carbon Charts lodash-es Security Vulnerabilities

Summary: Carbon Charts versions prior to 1.27.8 include lodash-es version 4.17.23, which contains two security vulnerabilities: a prototype pollution vulnerability (CVE-2026-2950, CVSS 5.3) in the _.unset and _.omit functions that allows deletion of properties from built-in prototypes, and a critical...

9.8 CVSS | 6.6 AI score | 0.00044 EPSS
Exploits 0 | Affected Software 1
EUVD
added 2026/04/22 6:31 p.m. | 0 views

EUVD-2024-55555

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...

6.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 5
NVD
added 2026/04/22 4:16 p.m. | 0 views

CVE-2024-58344

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...

6.4 CVSS | 0.00039 EPSS
Exploits 0 | References 4
Vulnrichment
added 2026/04/22 2:57 p.m. | 2 views

CVE-2024-58344 Carbon Forum 5.9.0 Persistent XSS via Forum Name Field

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...

6.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 4
ATTACKERKB
added 2026/04/22 2:57 p.m. | 0 views

CVE-2024-58344

Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that...

6.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 4 | Affected Software 1
CVE
added 2026/04/22 2:57 p.m. | 3 views

CVE-2024-58344

Carbon Forum 5.9.0 contains a persistent XSS vulnerability via the Forum Name field in dashboard settings. Authenticated administrators can store JavaScript payloads that execute for users visiting the forum, enabling session hijacking and data theft. The document does not provide a remediation o...

6.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 4
CNNVD
added 2026/04/22 12:0 a.m. | 5 views

Carbon-Forum Cross-Site Scripting Vulnerability

Carbon-Forum is a high-performance open-source forum software developed by Canbin Lin. Version 5.9.0 of Carbon-Forum contains a cross-site scripting vulnerability. This vulnerability stems from a stored-cross-site scripting flaw, which could allow authenticated administrators to inject malicious...

6.4 CVSS | 5.7 AI score | 0.00039 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2026/04/21 4:46 p.m. | 1 views

CVE-2026-40569

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...

9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/04/21 4:46 p.m. | 0 views

EUVD-2026-24171

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...

9 CVSS | 5.8 AI score | 0.0006 EPSS
Exploits 0 | References 3
Snyk
added 2026/03/23 10:0 p.m. | 0 views

Malicious Package

Overview carbon-mac-copy-cloner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...

9.8 CVSS | 5.9 AI score
Exploits 0 | References 2
OSSF Malicious Packages
added 2026/03/18 12:41 p.m. | 2 views

Malicious code in carbon-mac-copy-cloner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a38d75b9f18088f693edfe80cca42e9c3688457b43560fa568b6f547b9f464c5 The package carbon-mac-copy-cloner was found to contain malicious code...

5.8 AI score
Exploits 0 | References 1
OSV
added 2026/03/18 12:41 p.m. | 1 views

MAL-2026-1666 Malicious code in carbon-mac-copy-cloner (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector a38d75b9f18088f693edfe80cca42e9c3688457b43560fa568b6f547b9f464c5 The package carbon-mac-copy-cloner was found to contain malicious code...

5.8 AI score
Exploits 0 | References 1
Github Security Blog
added 2026/02/19 6:31 p.m. | 6 views

carbon-apimgt does not properly restrict uploaded files

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...

9.1 CVSS | 6.4 AI score | 0.00108 EPSS
Exploits 0 | References 6 | Affected Software 1
RedhatCVE
added 2026/01/09 10:11 a.m. | 5 views

CVE-2019-11937

In Mcrouter prior to v0.41.0, a large struct input provided to the Carbon protocol reader could result in stack exhaustion and denial of service...

7.5 CVSS | 6.8 AI score | 0.00642 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:32 a.m. | 4 views

CVE-2019-16235

Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280messagecarbons.vala...

7.5 CVSS | 6.7 AI score | 0.00265 EPSS
Exploits 1 | References 1
Packet Storm News
added 2025/12/31 12:0 a.m. | 2 views

Towards Eco Friendly Cybersecurity: Machine Learning Based Anomaly Detection with Carbon and Energy Metrics

The rising energy footprint of artificial intelligence has become a measurable component of US data center emissions, yet cybersecurity research seldom considers its environmental cost. This study introduces an eco aware anomaly detection framework that unifies machine learning based network...

6.9 AI score
Exploits 0