
5519 matches found

Positive Technologies
added 2026/04/14 12:0 a.m. | 5 views

PT-2026-32753

Name of the Vulnerable Software and Affected Versions: Windows Client Side Caching driver csc.sys (affected versions not specified). Description: A heap-based buffer overflow in the Windows Client Side Caching driver csc.sys allows an authorized attacker to elevate privileges locally. A heap-based...

7.8 CVSS | 7 AI score | 0.0023 EPSS
Exploits 0 | References 7
CNNVD
added 2026/04/14 12:0 a.m. | 6 views

Microsoft Windows Security Vulnerability

Microsoft Windows is an operating system for personal devices from the American company Microsoft. The Microsoft Windows Client Side Caching driver csc.sys contains security vulnerabilities. Attackers can exploit these vulnerabilities to gain higher privileges. The following products and versio...

7.8 CVSS | 5.8 AI score | 0.0023 EPSS
Exploits 0 | References 1
Snyk
added 2026/04/10 3:34 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...

5.4 CVSS | 5.7 AI score | 0.00195 EPSS
Exploits 1 | References 2
NVD
added 2026/04/08 9:16 p.m. | 0 views

CVE-2026-39415

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3 CVSS | 0.00262 EPSS
Exploits 0 | References 1
CVE
added 2026/04/08 8:7 p.m. | 8 views

CVE-2026-39415

CVE-2026-39415 affects Frappe LMS prior to 2.46.0, where quiz scores could be altered client-side before submission due to reliance on client-side calculated scores. Impact: data integrity of quiz results is compromised; no confidentiality breach or privilege escalation reported. Remediation: upg...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 1 | Affected Software 1
EUVD
added 2026/04/08 8:7 p.m. | 2 views

EUVD-2026-20603

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 1
Vulnrichment
added 2026/04/08 8:7 p.m. | 0 views

CVE-2026-39415 Frappe Learning Management System has Client-Side Manipulation of Quiz Scores

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 1
Cvelist
added 2026/04/08 8:7 p.m. | 15 views

CVE-2026-39415 Frappe Learning Management System has Client-Side Manipulation of Quiz Scores

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3 CVSS | 0.00262 EPSS
Exploits 0 | References 1
RedHat Linux
added 2026/04/08 5:18 a.m. | 6 views

freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow

A flaw was found in FreeRDP. A malicious server can exploit a vulnerability in FastGlyph parsing, which improperly trusts data length without sufficient validation. This can lead to a client-side global buffer overflow, resulting in a denial of service (DoS) due to a crash. For this vulnerability t...

7.5 CVSS | 6 AI score | 0.00481 EPSS
Exploits 1 | References 10
CNNVD
added 2026/04/08 12:0 a.m. | 3 views

Frappe Learning Management System Security Vulnerability

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.46.0 contained security vulnerabilities. These vulnerabilities stemmed from reliance on client-side calculations for quiz...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/04/08 12:0 a.m. | 1 views

PT-2026-31439

Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...

5.3 CVSS | 5.8 AI score | 0.00262 EPSS
Exploits 0 | References 2
SUSE CVE
added 2026/04/07 11:27 p.m. | 4 views

SUSE CVE-2026-28387

Issue summary: An uncommon configuration of clients performing DANE TLSA-based server authentication, when paired with uncommon server DANE TLSA records, may result in a use-after-free and/or double-free on the client side. Impact summary: A use after free can have a range of potential consequenc...

6.5 CVSS | 6.2 AI score | 0.00631 EPSS
Exploits 0 | References 19
CVE
added 2026/04/07 4:48 p.m. | 16 views

CVE-2026-39306

Summary of CVE-2026-39306 (PraisonAI): The vulnerability is a path traversal / arbitrary file write in PraisonAI’s recipe registry pull flow. Before version 1.5.113, the system extracts uploaded tar bundles with tar.extractall() without validating archive member paths, allowing a malicious publis...

7.3 CVSS | 6.1 AI score | 0.00291 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2026/04/07 4:48 p.m. | 2 views

CVE-2026-39306 PraisonAI recipe registry pull path traversal writes files outside the chosen output directory

PraisonAI is a multi-agent teams system. Prior to 1.5.113, PraisonAI's recipe registry pull flow extracts attacker-controlled .praison tar archives with tar.extractall and does not validate archive member paths before extraction. A malicious publisher can upload a recipe bundle that contains ../...

7.3 CVSS | 6.1 AI score | 0.00291 EPSS
Exploits 1 | References 1
NVD
added 2026/04/06 3:17 p.m. | 1 views

CVE-2026-33510

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter callbackUrl, which is passed to redirect and router.push. An attacker can craft a malicious...

8.8 CVSS | 0.00234 EPSS
Exploits 1 | References 1
Vulnrichment
added 2026/04/06 2:51 p.m. | 1 views

CVE-2026-33510 DOM-Based XSS in Homarr /auth/login Redirect

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting (XSS) vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter callbackUrl, which is passed to redirect and router.push. An attacker can craft a malicious...

8.8 CVSS | 5.9 AI score | 0.00234 EPSS
Exploits 1 | References 1
RedhatCVE
added 2026/04/02 5:4 a.m. | 0 views

CVE-2026-30522

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering...

6.5 CVSS | 6 AI score | 0.00255 EPSS
Exploits 1 | References 1
Snyk
added 2026/04/01 12:24 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the handling of user-supplied input in various parameters across both authenticated and unauthenticated areas of the application. An attacker can execute arbitrary JavaScript in the context of a victim's...

6.1 CVSS | 6 AI score
Exploits 0 | References 2
OSV
added 2026/03/31 11:27 p.m. | 0 views

GHSA-MG36-WVCR-M75H Nuxt OG Image is vulnerable to reflected XSS via query parameter injection into HTML attributes

Product: Nuxt OG Image Version: 6.1.2 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation Description: Incorrect parsing of GET parameters leads to the possibility of HTML injection and JavaScript code injection. Impact: Client-Side JavaScript Execution Exploitation...

6.1 CVSS | 6 AI score | 0.00216 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/03/28 12:0 a.m. | 3 views

PT-2026-28652

Name of the Vulnerable Software and Affected Versions: GRID::Machine versions through 0.127. Description: GRID::Machine provides Remote Procedure Calls (RPC) over SSH for Perl. A compromised or malicious remote host can execute arbitrary code on the client through unsafe deserialization in the RPC...

6.2 AI score | 0.0047 EPSS
Exploits 0 | References 6