SUSE CVE-2026-23409

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this the unpack should verify that a diff-encode chain terminates. Unfortunately the differential encod...

Rack 安全漏洞

Rack is a modular Ruby web server interface developed by Rack authors. Vulnerabilities exist in versions of Rack prior to 2.2.23, 3.1.21, and 3.2.6. These vulnerabilities stem from Rack::Utils.selectbestencoding, which has a quadratic time complexity when processing Accept-Encoding headers...

PT-2026-31711

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.20, 10.1.0-M1 through 10.1.53, and 9.0.40 through 9.0.116 Description A flaw exists within the JsonAccessLogValve component of Apache Tomcat related to improper encoding or escaping of output...

PT-2026-29809

Name of the Vulnerable Software and Affected Versions Rack versions prior to 2.2.23, 3.1.21, and 3.2.6 Description Rack::Utils.select best encoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by...

PT-2026-29785

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with edit faq permission can upload a malicious SVG that executes...

Rack's multipart parsing without Content-Length header allows unbounded chunked file uploads

Summary Rack::Multipart::Parser only wraps the request body in a BoundedIO when CONTENTLENGTH is present. When a multipart/form-data request is sent without a Content-Length header, such as with HTTP chunked transfer encoding, multipart parsing continues until end-of-stream with no total size...

Rack has quadratic complexity in Rack::Utils.select_best_encoding via wildcard Accept-Encoding header

Summary Rack::Utils.selectbestencoding processes Accept-Encoding values with quadratic time complexity when the header contains many wildcard entries. Because this method is used by Rack::Deflater to choose a response encoding, an unauthenticated attacker can send a single request with a crafted...

GHSA-5CRX-PFHQ-4HGG phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation

Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...

phpMyFAQ: SVG Sanitizer Bypass via HTML Entity Encoding Leads to Stored XSS and Privilege Escalation

Summary The regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from...

CVE-2026-34396

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo admin panel renders plugin configuration values in HTML forms without applying htmlspecialchars or any other output encoding. The jsonToFormElements function in admin/functions.php directly interpolates...

CVE-2026-34566

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

GHSA-FC4P-P49V-R948 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

Summary A critical Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fails to properly sanitize user-controlled input before rendering it in the administrative interface, allowing attackers to inject persistent JavaScript cod...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Categories section of blog management. An attacker can execute arbitrary JavaScript in the context of other users by...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus via the Posts section and rendered without proper output...

EUVD-2026-18076

CI4MS: Menu Management Pages Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus and rendered without proper sanitization or output encoding...

CVE-2026-34566

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within the Page Management functionality when creating or editi...

CVE-2026-34562

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several...

CVE-2026-34561

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Social Media Management. Multiple...

CVE-2026-23406

A flaw was found in AppArmor within the Linux kernel. The matchchar macro, when processing differential encoding chains, incorrectly advances the string pointer multiple times. This can lead to an out-of-bounds read when the pointer moves beyond the input buffer boundary. A local attacker could...