29779 matches found
CVE-2026-1010 Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation
A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...
CVE-2026-1010
A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...
CVE-2026-1010 Stored Cross-Site Scripting in Altium Enterprise Server Workflow Engine Allows Privilege Escalation
A stored cross-site scripting XSS vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow,...
CVE-2026-1010
CVE-2026-1010 is a stored XSS vulnerability in the Altium Workflow Engine caused by missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data, and when an administrator views the affected workflow, the ...
Node.js: HashDoS in V8
Vulnerability description not provided...
CVE-2026-21903
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2026-21903
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2026-21906 Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart. When PowerMode...
CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
CVE-2026-21903
CVE-2026-21903 is a stack-based buffer overflow in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS. A network-based attacker with low privileges can trigger a Denial-of-Service by subscribing to telemetry sensors at scale, which causes all FPC connections to drop, an FPC crash, an...
CVE-2026-21903
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
EUVD-2026-2692
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...
Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.4 security update
The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...
CVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
CVE-2026-20047
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2026-20076
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied inpu...
SUSE-SU-2026:20086-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR bsc1256340. - MFSA 2026-03 bsc1256340 CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphic...
CVE-2026-20047 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...
CVE-2026-20047 Cisco Identity Services Engine Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, remote attacker to conduct cross-site scripting XSS attacks against a user of the interface. This vulnerability is due to...