CVE-2026-40483 ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars. An authenticated user with Finance permissions can inject HTML attribute-breaking...

EUVD-2026-23595

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars. An authenticated user with Finance permissions can inject HTML attribute-breaking...

CVE-2026-40483 ChurchCRM: Stored XSS in PledgeEditor.php via Donation Comment Field

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars. An authenticated user with Finance permissions can inject HTML attribute-breaking...

[SECURITY] Fedora 44 Update: kf6-ktexteditor-6.25.0-1.fc44

KTextEditor provides a powerful text editor component that you can embed in y our application, either as a KPart or using the KF6::TextEditor library if you n eed more control. The text editor component contains many useful features, from syntax highlighting and automatic indentation to advanced...

CVE-2026-24906

October is a Content Management System CMS and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting XSS vulnerability in the Backend Editor Settings. The Markup Classes fields used for paragraph styles, inline styles, table styles, etc. did not sanitize input to...

CVE-2025-12141

A flaw was found in Grafana's alerting system. Users with editor permissions, specifically those able to write or test alert notifications, can modify contact points created by other users. By changing the endpoint URL to a controlled server and triggering the test functionality, an attacker can...

net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-41240 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)

org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-41240 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16078388...

EUVD-2026-23096

A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's ReadJeffsImage function allows an attacker to write beyond an allocated buffer by processing a specially crafted GIF file. This can lead to a denial of service or potentially arbitrary code execution...

CVE-2026-40918 Gimp: gimp: denial of service via crafted pvr image file

A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service DoS. This occurs due to a stack-based buffer overflow and an out-of-bounds read in the PVR image loader, causing the application to crash. Systems that process untrusted P...

CVE-2026-40918

CVE-2026-40918 (GIMP) : A flaw in the GIMP PVR image loader can cause a denial of service when processing specially crafted, large-dimension PVR files. Root cause: a stack-based buffer overflow and an out-of-bounds read during loading, leading to application crash. Affected: systems that process ...

CVE-2026-40917

CVE-2026-40917 is reported in GIMP as a heap over-read in the ICNS image loader via icns_slurp() when processing crafted ICNS files. Affected software is GIMP; the vulnerability may cause application crashes or information disclosure. The connected documents corroborate the issue across multiple ...

CVE-2026-40916

A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service DoS. By opening a specially crafted TIM image file, the application crashes due to an unconditional overflow when writing to a...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. There is a security vulnerability in GIMP, which stems from a buffer overflow in the file-seattle-filmworks plugin. This vulnerability may lead to a denial-of-service attack when specific Seattle Filmworks files are opened...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from integer overflow in the FITS image loader. This could lead to a heap buffer overflow when processing specially crafted FITS files, potentially causing denial-of-service attac...

(0Day) Docker Desktop System Editor Uncontrolled Search Path Element Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Docker Desktop. An attacker must first obtain the ability to escape the container and execute high-privileged code within the Docker Hyper-V VM in order to exploit this vulnerability. The specific flaw...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a stack buffer overflow and out-of-bounds read vulnerabilities in the PVR image loader. This vulnerability may lead to denial-of-service attacks when processing specially...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a buffer overflow in the GIF image loading component called the ReadJeffsImage function. This vulnerability could lead to denial of service or the execution of arbitrary code...

GIMP 安全漏洞

GIMP is an open-source bitmap image editor developed by the GIMP team. GIMP has a security vulnerability, which stems from a stack buffer overflow in the 4BPP decoding path of the TIM image loader. This vulnerability may cause denial-of-service attacks when opening specially crafted TIM image fil...

PT-2026-33130

A flaw was found in GIMP. This vulnerability, a buffer overflow in the file-seattle-filmworks plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacker could leverage this to cause a denial of service DoS, leading to the plugin crashing and potential...

Novu has a XSS sanitization bypass

Summary XSS sanitization is incomplete, some attributes are missing such as oncontentvisibilityautostatechange=. This allows for the email preview to render HTML that executes arbitrary JavaScript, Details Sanitization is implemented here:...