21 matches found
CVE-2026-33128
H3 is a minimal HTTP framework. In versions prior to 1.15.6 and from 2.0.0 through 2.0.1-rc.14, createEventStream is vulnerable to Server-Sent Events (SSE) injection due to missing newline sanitization in formatEventStreamMessage and formatEventStreamComment. An attacker who controls any part of...
CVE-2019-25316
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
CVE-2019-25316 GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
PT-2026-7610
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary...
CVE-2025-71084
CVE-2025-71084 (Linux kernel) fixes a leak in the multicast GID table reference within RDMA/cm. If the CM ID is destroyed while the multicast creation event is queued, cancel_work_sync() can prevent the work from running and destroy ah_attr, causing a refcount leak and a WARN in kernel logs. Affe...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
EUVD-2025-32200
Malicious code in bioql PyPI...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
PT-2025-40415
Name of the Vulnerable Software and Affected Versions: The Matrix specification versions prior to 1.16 Description: The Matrix specification, when using a room version before 12, does not ensure uniqueness of create events. Recommendations: Update to version 1.16 or later...
CVE-2025-54315
The CVE-2025-54315 issue affects the Matrix protocol: prior to matrix 1.16 (room version
CVE-2025-54315
The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness...
Linux Distros Unpatched Vulnerability : CVE-2022-47372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability b...
GHSA-76VF-MPMX-777J Graylog Allows Session Takeover via Insufficient HTML Sanitization
Impact It is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition Remediation Step field. For this attack to succeed, the attacker needs a user account with permissions to create event definitions, while the user must have permissions to view alerts...
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
UBUNTU-CVE-2022-47372
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
CVE-2022-47372 Stored cross-site scripting vulnerability in create event section
Stored cross-site scripting vulnerability in the Create event section in Pandora FMS Console v766 and lower. An attacker typically exploits this vulnerability by injecting XSS payloads on popular pages of a site or passing a link to a victim, tricking them into viewing the page that contains the...
PT-2023-15287 · Unknown · Pandora Fms Console
Name of the Vulnerable Software and Affected Versions: Pandora FMS Console versions v766 and lower Description: A stored cross-site scripting vulnerability exists in the Create event section. An attacker can exploit this by injecting XSS payloads on popular pages or passing a link to a victim,...