5228 matches found
Off-by-one Error
Overview Affected versions of this package are vulnerable to Off-by-one Error through improper bounds checking in the PKCS12 bag handling process. An attacker can cause memory corruption by appending to a PKCS12 bag that already contains 32 elements, potentially resulting in denial of service or...
CVE-2026-42410
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
CVE-2026-5943
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information...
CVE-2026-42410 WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
CVE-2026-42410 WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
EUVD-2026-25822
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
CVE-2026-42410
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
CVE-2026-42410
The CVE-2026-42410 entry describes a DOM-based XSS in the WordPress TheGem Theme Elements (for Elementor) plugin, affecting versions before 5.12.1.1. Root cause: improper neutralization of input during web page generation. Impact is limited to client-side data integrity and potential user-facing ...
WordPress TheGem theme Elements (for Elementor) plugin < 5.12.1.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin TheGem Theme Elements for Elementor versions 5.12.1.1...
WordPress Plugin TheGem Theme Elements for Elementor 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
PT-2026-35398
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodexThemes TheGem Theme Elements for Elementor allows DOM-Based XSS.This issue affects TheGem Theme Elements for Elementor: from n/a before 5.12.1.1...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-elasticsearch-store is a Spring AI Elasticsearch Vector Store Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...
Improper Neutralization of Special Elements in Data Query Logic
Overview org.springframework.ai:spring-ai-mongodb-atlas-store is a Spring AI Vector Store - MongoDB Atlas Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the FilterExpressionConverter implementations. An attacker can alter...
GHSA-H3RR-9WQJ-V3C6 AstrBot has Incomplete Filtering of Special Elements
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.22.1. This affects the function createtemplate of the file astrbot/dashboard/routes/t2i.py of the component Dashboard API. The manipulation results in improper neutralization of special elements used in a template engine. The atta...
AstrBot 安全漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Versions of AstrBot 4.22.1 and earlier contained a security vulnerability. This vulnerability stemmed from an issue in the createtemplate function within the Dashboard API’s routes/t2i.py file, wher...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP5 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. CVE-2026-23103: ipvlan: Make the addrslock be per port bsc1257773. CVE-2026-23243: RDMA/umad: Reject negative...
SUSE-SU-2026:1575-1 Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. - CVE-2026-23103: ipvlan: Make the addrslock be per port bsc1257773. - CVE-2026-23243: RDMA/umad:...
CVE-2026-41238
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype...
Security update for the Linux Kernel
The SUSE Linux Enterprise 15 SP4 kernel was updated to fix various security issues The following security issues were fixed: CVE-2025-38234: sched/rt: Fix race in pushrttask bsc1246057. CVE-2026-23103: ipvlan: Make the addrslock be per port bsc1257773. CVE-2026-23243: RDMA/umad: Reject negative...
SUSE CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...