Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express has a cross-site scripting vulnerability , the vulnerability stems from the xtaccess.cgi endpoint EXT, DESTPORT or COMMENT parameter on the user-supplied data lack of effective filtering...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the hosts.cgi script in the IP, HOSTNAME or COMMENT parameter on the user-supplied data lack of effective filtering and...

Smoothwall Express 跨站脚本漏洞

Smoothwall Express is Smoothwall open source a GNU/Linux-based firewall operating system . Smoothwall Express cross-site scripting vulnerability , the vulnerability stems from the ipblock.cgi endpoint of the SRCIP and COMMENT parameters of the user-supplied data lack of effective filtering and...

CVE-2025-13973

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

CVE-2025-13973

CVE-2025-13973 affects StickEasy Protected Contact Form for WordPress. Wordfence and Red Hat/CVEs indicate an unauthenticated Sensitive Information Disclosure in all versions up to 1.0.2, where spam-detection logs are stored at wp-content/uploads/stickeasy-protected-contact-form/spcf-log.txt and ...

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

PT-2026-8045

The StickEasy Protected Contact Form plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.0.2. The plugin stores spam detection logs at a predictable publicly accessible location...

SUSE-SU-2026:20428-1 Security update for go1.25

This update for go1.25 fixes the following issues: Update to version 1.25.7. Security issues fixed: - CVE-2025-61732: cmd/go: discrepancy between Go and C/C++ comment parsing allows for C code smuggling bsc1257692. - CVE-2025-68121: crypto/tls: Config.Clone copies automatically generated session...

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

CVE-2026-26000

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.9.0, 17.4.6, and 16.10.13, it's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. This vulnerability is fixed in...

CVE-2026-26000

CVE-2026-26000 : XWiki Platform is vulnerable to CSS-injection in comments that can transform the entire wiki UI into a clickable link area leading to a malicious page. Affected versions are prior to 17.9.0, 17.4.6, and 16.10.13. The root cause is a comment-based CSS injection that enables a clic...

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via the public comment submission endpoint. An attacker can disrupt service availability by sending a specially crafted payload. Details Denial of Service DoS describes a family of attacks, all aimed at making a...

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

XWiki vulnerable to click-jacking through CSS injection in comments

Impact It's possible using comments to inject CSS that would transform the full wiki in a link area leading to a malicious page. All versions of XWiki are impacted by this kind of attack. Patches The problem has been patched not by preventing injecting CSS in comments, which is currently a featur...

PT-2026-7853

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...

Halo 安全漏洞

Halo is a powerful and easy-to-use open-source website building tool developed by Halo. Versions of Halo 2.22.4 and earlier contain security vulnerabilities. These vulnerabilities stem from defects in the public comment submission endpoint, which could allow remote attackers to trigger a...

CVE-2025-70886

CVE-2025-70886 affects Halo CMS, version 2.22.4 and earlier. A crafted payload submitted to the public comment endpoint can cause a denial of service, impacting service availability. The issue is documented across multiple feeds (Red Hat, NVD, OSV, CIRCL, Snyk, etc.) and is associated with a DoS ...

CVE-2025-70886

An issue in halo v.2.22.4 and before allows a remote attacker to cause a denial of service via a crafted payload to the public comment submission endpoint...