PT-2026-34872

Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version = 3.2.0 and 3.3.1. Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest, injecting a malicious class...

Apache DolphinScheduler 代码问题漏洞

Apache DolphinScheduler is a modern data orchestration platform developed by the Apache Foundation in the United States. Versions of Apache DolphinScheduler from 3.2.0 to 3.3.1 had code vulnerabilities. These vulnerabilities stemmed from insecure data deserialization in the RPC module, which coul...

AVideo has Stored XSS via Unescaped Menu Item Fields in TopMenu Plugin

Summary The TopMenu plugin renders menu item fields icon classes, URLs, and text labels directly into HTML without applying htmlspecialchars or any other output encoding. Since menu items are rendered on every public page through plugin hooks, a single malicious menu entry results in stored...

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview mdast-util-to-hast is a mdast utility to transform to hast Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes in the class attribute in rendered markdown code elements. An attacker can cause arbitrary CSS...

CVE-2025-66400 mdast-util-to-hast unsanitized class attribute

mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple unprefixed classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This...

Linux Distros Unpatched Vulnerability : CVE-2020-10960

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In MediaWiki before 1.34.1, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to...

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

CVE-2023-26436

Attackers with access to the "documentconverterws" API were able to inject serialized Java objects, that were not properly checked during deserialization. Access to this API endpoint is restricted to local networks by default. Arbitrary code could be injected that is being executed when processin...

UBUNTU-CVE-2020-10960

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets CSS classes which can affect what content is shown or hidden in the user interface to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler ...

PT-2020-2139 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.34.1 Description: The issue in MediaWiki is related to the lack of proper output encoding or escaping, which can be exploited by a remote attacker to impact data integrity. Users can add various Cascading Style...