
10 matches found

RedhatCVE
added 2026/05/14 10:2 a.m. · 8 views

CVE-2026-40976

A flaw was found in Spring Boot. Under specific conditions, including being a servlet-based web application without custom Spring Security configuration and relying on the default web security filter chain, a remote attacker could bypass security. This allows unauthorized access to all applicatio...

CVSS 9.1 · AI score 5.8 · EPSS 0.00023
Exploits 0 · References 4

Vulnrichment
added 2026/04/27 11:34 p.m. · 1 view

CVE-2026-40976

In certain circumstances, Spring Boot's default web security is ineffective, allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1 · AI score 5.3 · EPSS 0.00023
Exploits 0 · References 1

EUVD
added 2026/04/27 11:34 p.m. · 0 views

EUVD-2026-25940

In certain circumstances, Spring Boot's default web security is ineffective, allowing unauthorized access to all endpoints. For an application to be vulnerable, it must: be a servlet-based web application; have no Spring Security configuration of its own and rely on the default web security filter...

CVSS 9.1 · AI score 5.3 · EPSS 0.00023
Exploits 0 · References 1

CNNVD
added 2026/03/27 12:00 a.m. · 4 views

Incus path traversal vulnerability

Incus is a system container and virtual machine manager developed by LXC. Versions of Incus prior to 6.23.0 contained a path traversal vulnerability. This vulnerability arises when an attacker can set custom configuration keys, causing Incus to write to directories other than those associated wit...

CVSS 9.9 · AI score 5.8 · EPSS 0.0003
Exploits 0 · References 1

Github Security Blog
added 2023/01/28 1:17 a.m. · 39 views

Improper neutralization of `noscript` element content may allow XSS in Sanitize

Impact: Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize >= 5.0.0, < 6.0.1. Version 6.0.1 always removes noscript elements and their contents, even when noscript is in the allowlist. Workarounds: Users who are unable to upgrade can prevent this issue by using one of...

CVSS 6.1 · AI score 5.6 · EPSS 0.00439
Exploits 0 · References 5 · Affected Software 1

OSV
added 2023/01/27 11:44 p.m. · 18 views

CVE-2023-23627 Sanitize vulnerable to Cross-site Scripting via Improper neutralization of `noscript` element

Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...

CVSS 6.1 · AI score 5.9 · EPSS 0.00439
Exploits 0 · References 3

Debian CVE
added 2023/01/27 11:44 p.m. · 20 views

CVE-2023-23627

Sanitize is an allowlist-based HTML and CSS sanitizer. Versions 5.0.0 and later, prior to 6.0.1, are vulnerable to Cross-site Scripting. When Sanitize is configured with a custom allowlist that allows noscript elements, attackers are able to include arbitrary HTML, resulting in XSS cross-site...

CVSS 6.1 · AI score 6.1 · EPSS 0.00439
Exploits 0

Snyk
added 2020/06/17 9:43 a.m. · 0 views

Cross-site Scripting (XSS)

Overview: sanitize is a Ruby HTML and CSS sanitizer. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly...

CVSS 9.8 · AI score 5.4 · EPSS 0.00484
Exploits 0 · References 2

Github Security Blog
added 2020/06/16 10:08 p.m. · 49 views

Cross-site Scripting in Sanitize

When HTML is sanitized using Sanitize's "relaxed" config or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly, even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config o...

CVSS 7.3 · AI score 0.1 · EPSS 0.00484
Exploits 0 · References 8 · Affected Software 1

Tenable Nessus
added 2014/06/13 12:00 a.m. · 28 views

openSUSE Security Update : samba (openSUSE-SU-2013:1339-1)

This update of samba fixed the following issues: - The pam_winbind require_membership_of option allows for a list of SIDs, but currently only provides buffer space for 20 (bnc#806501). - Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections;...

CVSS 5 · AI score 7.3 · EPSS 0.83531
Exploits 7 · References 11