CVE-2026-35390 Content-Security-Policy was set to Report-Only mode, failing to block XSS attacks

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy proxy.ts set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting XSS attacks were logged but not blocked...

WordPress OSS Aliyun Plugin <= 1.4.10 is vulnerable to SQL Injection

Software OSS Aliyun Type Plugin Vulnerable versions = 1.4.10 Fixed in 1.4.11 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-30494 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID f4acc3b1af32 Credits Majed Refaea Required privilege Administrator...

UBUNTU-CVE-2023-3072

HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11...