32 matches found
CVE-2026-23900
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered...
CVE-2026-23900
Phoca Maps component for Joomla (versions 5.0.0–6.0.2) contains stored XSS in the maps- and icon rendering logic. This is documented across CVE sources (NVD, Red Hat, EUVD, CIRCL, CVE List) with a CVSS v3.1 base score of 6.5 (Medium) and no exploitation details provided. The root cause is not exp...
CVE-2026-23900 Extension - phoca.cz - Stored XSS vectors in Phoca Maps component 5.0.0 - 6.0.2 for Joomla
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered...
PT-2026-32097
Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered...
CVE-2026-20711
Cross-site scripting vulnerability exists in E-mail function of Cybozu Garoon 5.0.0 to 6.0.3, which may allow an attacker to reset arbitrary users’ passwords...
CVE-2026-22888
Improper input verification issue exists in Cybozu Garoon 5.0.0 to 6.0.3, which may lead to unauthorized alteration of portal settings, potentially blocking access to the product...
Cybozu Garoon Security Vulnerability
Cybozu Garoon is a portal-based OA office system developed by Cybozu Corporation. This system provides functions such as portals, email, bookmarks, calendar management, bulletin boards, and file management. Versions of Cybozu Garoon from 5.0.0 to 6.0.3 have security vulnerabilities. These...
CVE-2025-68271
OpenC3 COSMOS (versions 5.0.0–6.10.1) has a critical remote code execution vulnerability exploitable via the JSON-RPC API. The flaw occurs when parsing attacker-controlled parameter text with String#convert_to_value; for array-like inputs, convert_to_value may execute eval(), allowing an unauthen...
UBUNTU-CVE-2025-12385
Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick...
PT-2024-24050 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 5.0.0 through 6.0.0 Description: The issue allows a remote authenticated attacker to alter and/or obtain the data of Memo due to an incorrect authorization vulnerability. Recommendations: For Cybozu Garoon versions 5.0....
FFmpeg Security Vulnerability
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg versions n5.1 through n6.1, which can be exploited by an attacker to cause a denial of service (DoS) via a crafted input...
UBUNTU-CVE-2023-33285
An issue was discovered in Qt 5.x before 5.15.14, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. QDnsLookup has a buffer over-read via a crafted reply from a DNS server...
SUSE CVE-2021-45930
Qt SVG in Qt 5.0.0 through 5.15.2 and 6.0.0 through 6.2.1 has an out-of-bounds write in QtPrivate::QCommonArrayOps::growAppend called from QPainterPath::addPath and QPathClipper::intersect...
PT-2022-35045 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.5 through v6.0.2 Description: A potential security issue exists due to a mismatch in get/set sgl sge nr. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
Malicious code in 5to6-exports (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 341557457bb8c37a9fe35de09fad31d239bf12cb8d137417205690870f214cac Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
com.buession.cas:buession-cas-captcha (>=2.0.0 <=2.2.1), com.buession.cas:buession-cas-oauth (>=2.3.0 <=2.3.2) +240 more potentially affected by CVE-2021-42567 via org.apereo.cas:cas-server-core-web (>=5.0.0 <=6.4.1)
org.apereo.cas:cas-server-core-web MAVEN version =5.0.0, =2.0.0, =2.3.0, =1.1.0, =1.1.0, =2.3.0, =1.2.0, =1.1.0, =1.1.0, =5.0.0, =5.0.0, =6.3.1, =6.1.7, =6.3.1, =6.3.1, =6.3.10 and more Source cves: CVE-2021-42567 Source advisory: OSV:GHSA-GFHX-JJWQ-63GV...
OpenEMR Security Vulnerability
OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR versions 5.0.0 through 6.0.0.1...
IBM Rational Engineering Lifecycle Manager Information Disclosure Vulnerability (CNVD-2019-07358)
IBM Rational Engineering Lifecycle Manager is a product lifecycle management application that helps you visualize, analyze, and gain insight into engineering lifecycle data. An information disclosure vulnerability exists in IBM Rational Engineering Lifecycle Manager 5.0 - 6.0.6. A malicious user...