GHSA-6GM8-3G4H-W82M Ella Core Panics Upon NGAP handover failure

Summary Ella Core panics when processing a NGAP handover failure message. Impact If an attacker can force a gNodeB to send NGAP handover failure messages to Ella Core, the process will crash, thereby disrupting service for all connected subscribers. Fix Improve guards in NGAP handover handlers...

EUVD-2026-10916

Sylius has a XSS vulnerability in checkout login form...

CVE-2026-31822

Sylius (PHP/Symfony eCommerce framework) has an XSS vulnerability in the shop checkout login form handled by ApiLoginController. When a login fails, AuthenticationFailureHandler returns a JSON message that is rendered into the DOM via innerHTML, allowing injected HTML/JS in the message to execute...

Sigstore 安全漏洞

Sigstore is an open-source software signature verification library developed by sigstore. Versions of Sigstore prior to 0.2.3 contained security vulnerabilities. These vulnerabilities stemmed from the improper propagation of failure messages during the verification process, which could lead to...

PT-2026-24476

Name of the Vulnerable Software and Affected Versions Sylius versions prior to 2.0.16 Sylius versions prior to 2.1.12 Sylius versions prior to 2.2.3 Description Sylius, an Open Source eCommerce Framework on Symfony, contains a cross-site scripting XSS issue in the shop checkout login form. The...

CVE-2025-12834

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-12834

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-12834

CVE-2025-12834 affects the WordPress plugin “Accept Stripe Payments Using Contact Form 7” and is due to insufficient input sanitization and output escaping in the failure_message parameter. The issue enables a Reflected XSS by unauthenticated attackers, who must lure a user to perform an action (...

CVE-2025-12834 Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-12834 Accept Stripe Payments Using Contact Form 7 <= 3.1 - Reflected Cross-Site Scripting via failure_message

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failuremessage' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

WordPress plugin Accept Stripe Payments Using Contact Form 7 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based server.WordPress plug...

PT-2025-50810

The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'failure message' parameter in versions up to, and including, 3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-40681

Cross-site Scripting XSS vulnerability reflected in xCally's Omnichannel v3.30.1. This vulnerability allowsan attacker to executed JavaScript code in the victim's browser by sending them a malicious URL using the 'failureMessage' parameter in '/login'. This vulnerability can be exploited to steal...

EUVD-2018-20868

Malware in sbrugna...

glibc: buffer overflow in the GNU C Library's assert()

A flaw was found in the GNU C Library glibc. A buffer overflow condition via the assert function may be triggered due to glibc not allocating enough space for the assertion failure message string and size information. In certain conditions, a local attacker can exploit this, potentially leading t...

K000150805: Multiple Wireshark/tshark vulnerabilities

Security Advisory Description CVE-2018-9274 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failuremessage.c has a memory leak. CVE-2018-9273 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/dissectors/packet-pcp.c has a memory leak. CVE-2018-9272 In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to...

CVE-2025-0395

When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size...

Authentication flaw

An authentication bypass in Zultys MX-SE, MX-SE II, MX-E, MX-Virtual, MX250, and MX30 with firmware versions prior to 17.0.10 patch 17161 and 16.04 patch 16109 allows an unauthenticated attacker to obtain an administrative session via a protection mechanism failure in the authentication function...

CVE-2023-47102

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...

Code injection

UrBackup Server 2.5.31 allows brute-force enumeration of user accounts because a failure message confirms that a username is not valid...