28 matches found
PT-2026-46753
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 149.0.7827.53. Description: Incorrect security UI in Tab Hover Cards allows a remote attacker to perform domain spoofing by using a crafted domain name. Recommendations: Update to version 149.0.7827.53 or later...
PT-2026-28077
Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attacke...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002420)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002420 advisory. The CRC32C feature in the Btrfs implementation in the Linux kernel before 3.8-rc1 allows local users to cause a denial of service (prevention of file creation) by...
EUVD-2021-28423
Malicious code in bioql PyPI...
CVE-2025-54293
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links...
aide: improper output neutralization enables bypassing
A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...
CVE-2023-50456
An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name...
CVE-2022-40606
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...
CVE-2025-24530
An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS...
CVE-2024-52888 - Mobile Access File Share applications are vulnerable to stored XSS attacks
Symptoms - When an authenticated Mobile Access portal end-user browses to a File Share application, the portal may run a script while attempting to display a directory or some file's properties. Additionally, an authenticated attacker may store specially crafted file/dir names for other...
puppet: Puppet Server ReDoS
A Regular Expression Denial of Service (ReDoS) issue was found in the Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
SUSE CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
DEBIAN-CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
UBUNTU-CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...
UBUNTU-CVE-2022-1271
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation...
Cross-site Scripting in Weblate
Impact: Due to improper neutralization, it was possible to perform cross-site scripting via crafted user and language names. Patches: The issues were fixed in the 4.11 release. The following commits are addressing it: f6753a1a1c63fade6ad418fbda827c6750ab0bda 9e19a8414337692cc90da2a91c9af5420f2952f1...
Apple iPadOS Input Validation Error Vulnerability
Apple iPadOS is a suite of operating systems for the iPad tablet computer from Apple (USA). An input validation error vulnerability exists in Apple iOS and iPadOS: the handling of maliciously crafted HomeKit accessory names could result in a denial of service...
Artica Pandora FMS Cross-Site Scripting Vulnerability
Artica Pandora FMS is a monitoring system from the Spanish company Artica. The system monitors networks, servers, virtual infrastructures, applications, etc. in a visual way. Artica Pandora FMS 755 and previous versions have security vulnerabilities that allow attackers to perform XSS attacks...
PYSEC-2020-51
In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. This has been fixed in 0.12...