NPM: hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection

NPM: hono/jsx has Unvalidated JSX Tag Names that May Allow HTML Injection vulnerability discovered by ? in WordPress Npm hono versions 4.12.16...

HTML Injection

Overview hono is an Ultrafast web framework for the Edges Affected versions of this package are vulnerable to HTML Injection via the jsx element tag. An attacker can inject unintended HTML elements or attributes, corrupt the HTML structure, or execute scripts by supplying malicious tag names as...

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules

NPM: Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules vulnerability discovered by ? in WordPress Npm nitro versions 3.0.260429-beta...

Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users

Summary Multiple classes evaluate Spring Expression Language SpEL expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential...

GHSA-J7J9-5253-F7VH Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code Execution by admin users

Summary Multiple classes evaluate Spring Expression Language SpEL expressions from user-supplied input using StandardEvaluationContext, which provides unrestricted access to Java types and methods. An authenticated user with the ADMIN role can achieve Remote Code Execution and credential...

GHSA-VXRR-W42W-W76G Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass

Summary Request::getMethod unconditionally honors the X-HTTP-Method-Override header and the $REQUEST'method' parameter on any HTTP verb including safe verbs such as GET, with no opt-in and no whitelist of permitted target methods. A GET request can silently become a DELETE or PUT, enabling CSRF...

GHSA-3XJV-PMF2-GF2Q Flight has path traversal in `make:controller` CLI that creates arbitrary directories outside project root

Summary The make:controller CLI command calls mkdir..., recursive: true on a path built from the user-supplied controller name, before Nette's class-name validation runs. The class-file write is correctly rejected by Nette when the name contains /, but the recursive directory creation side effect...

GHSA-FCX8-PH5R-MXR4 Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

Flight has reflected XSS through an unvalidated JSONP callback in Flight::jsonp()

Summary Flight::jsonp concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating that the value is a legal JavaScript identifier. An attacker can inject arbitrary JavaScript that executes in the response origin, enabling reflected cross-site...

CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

wger: trainer_login open redirect - ?next= parameter not validated against host

Summary The trainerlogin view in wger redirects to request.GET'next' directly via HttpResponseRedirect without calling urlhasallowedhostandscheme. After the trainer successfully enters impersonation mode, their browser is redirected to any attacker-controlled URL supplied in the ?next= parameter,...

CVE-2026-7983

Out of bounds read in Dawn in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

ExploitMind

ExploitMind Overview ExploitMind is an en...

CVE-1999-0497

creationtimestamp| type| source ---|---|--- 2026-05-06 13:28:27+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/ftp/ftpanonymous.rb...

RLSA-2026:13641 Moderate: python-tornado security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Important: Red Hat Security Advisory: Release of components for Service Telemetry Framework 1.5.7

Release of components for the Service Telemetry Framework Service Telemetry Framework STF provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat...

CVE-2026-43107

In the Linux kernel, the following vulnerability has been resolved: xfrm: account XFRMAIFID in aevent size calculation xfrmgetae allocates the reply skb with xfrmaeventmsgsize, then buildaevent appends attributes including XFRMAIFID when x-ifid is set. xfrmaeventmsgsize does not include space for...

Moderate: Red Hat Security Advisory: capstone security update

An update for capstone is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

SUSE CVE-2026-32689

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: application/x-ndjson,...

PT-2026-38270

Name of the Vulnerable Software and Affected Versions Flight versions prior to 3.18.1 Description The Flight::jsonp function concatenates the jsonp query parameter directly into an application/javascript response body without validating if the value is a legal JavaScript identifier. This allows a...