Lucene search

437 matches found

Microsoft CVE
added 3 days ago | 6 views

Chromium: CVE-2026-11176 Inappropriate implementation in Media

This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

CVSS 6.5 | AI score 5.4 | EPSS 0.00014
Exploits: 0

IBM Security Bulletins
added 5 days ago | 6 views

Security Bulletin: A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. (CVE-2026-4096)

Summary A vulnerability has been identified in IBM DevOps Plan that allows a Host Header Injection attack due to improper handling of the Host header in HTTP requests. Version 3.0.7 addresses the vulnerability. Vulnerability Details CVEID:CVE-2026-4096 DESCRIPTION: IBM DevOps Plan is vulnerable t...

AI score 5.7
Exploits: 0 | Affected Software: 1

CVE
added 6 days ago | 18 views

CVE-2026-8993

Technical details are not publicly available in the provided documents. Monitor for updates.

CVSS 6.5 | AI score 5.8 | EPSS 0.00033
Exploits: 0 | References: 2

Cvelist
added 2026/06/01 3:32 a.m. | 27 views

CVE-2026-48209 Reflected XSS in authenticated agent context

An improper neutralization of user-controllable input in OTRS or OTRS Community Edition ticket handling allows authenticated attackers to perform reflected cross-site scripting (XSS) attacks via crafted request parameters associated with ticket actions. By injecting malicious JavaScript into...

CVSS 7.1 | EPSS 0.0004
Exploits: 0 | References: 1

Debian
added 2026/05/17 3:53 p.m. | 16 views

[BSA-134] Security Update for jq

ChangZhuo Chen uploaded new packages for jq which fixed the following security problems: CVE-2026-32316 jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvpstringappend and jvpstringcopyreplacebad functions, where concatenating strings...

CVSS 8.2 | AI score 6.2 | EPSS 0.00137
Exploits: 12

ATTACKERKB
added 2026/05/11 3:00 a.m. | 9 views

CVE-2026-8267

A flaw has been found in Open5GS up to 2.7.7. This vulnerability affects the function smfnsmfhandlecreateddatainvsmf of the component SMF. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of...

CVSS 5.3 | AI score 5.4 | EPSS 0.00045
Exploits: 1 | References: 5

OSV
added 2026/05/07 1:55 p.m. | 3 views

SUSE-SU-2026:1755-1 Security update for freeipmi

This update for freeipmi fixes the following issue: - CVE-2026-33554: improper memory handling and data validation can lead to stack buffer overflows and acceptance of malformed payloads/responses bsc1260414...

CVSS 7.5 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 3

Tenable Nessus
added 2026/05/04 12:00 a.m. | 2 views

RHCOS 4 : OpenShift Container Platform 4.17.16 (RHSA-2025:1122)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:1122 advisory. - cri-o: CRI-O Path Traversal in Log Handling Functions Allows Arbitrary Unmounting CVE-2025-0750 Note that Nessus has not tested for this...

CVSS 6.6 | AI score 7.1 | EPSS 0.00054
Exploits: 0 | References: 5

OPENSUSE Linux
added 2026/04/21 12:00 a.m. | 4 views

Security update for freeipmi (important)

openSUSE security update: security update for freeipmi ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20556-1 Rating: important References: bsc1260414 Cross-References: CVE-2026-33554 CVSS scores: CVE-2026-33554 SUSE : 7.6...

CVSS 7.6 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 1

OpenVAS
added 2026/04/16 12:00 a.m. | 19 views

Ubuntu: Security Advisory (USN-8176-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.8 | EPSS 0.08014
Exploits: 0 | References: 2

OSV
added 2026/04/15 12:07 p.m. | 5 views

RLSA-2026:8119 Important: squid security update

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid: Squid: Denial of Service via heap Use-After-Free vulnerability in ICP handling CVE-2026-33526 Squid: Squid: Denial of Service via crafted ICP traffic CVE-2026-32748 For...

CVSS 7.5 | AI score 5.8 | EPSS 0.01395
Exploits: 0 | References: 3

OSV
added 2026/04/14 3:00 p.m. | 2 views

CLSA-2026-1776178825 Fix of 8 CVEs

SECURITY UPDATE: fix vulnerability in stream handling - debian/patches/CVE-2025-53019.patch: fix vulnerability in stream handling - CVE-2025-53019 SECURITY UPDATE: fix integer overflow in resize - debian/patches/CVE-2025-55212.patch: fix integer overflow in resize - CVE-2025-55212 SECURITY UPDATE...

CVSS 8.8 | AI score 7.5 | EPSS 0.01005
Exploits: 7 | References: 1

EUVD
added 2026/04/08 12:30 a.m. | 2 views

EUVD-2026-19982

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in The Wikimedia Foundation Mediawiki - Score Extension allows Cross-Site Scripting (XSS). This issue affects Mediawiki - Score Extension...

CVSS 6.9 | AI score 5.9 | EPSS 0.00067
Exploits: 0 | References: 3

Cvelist
added 2026/04/01 9:25 p.m. | 16 views

CVE-2026-34563 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when handling backup uploads and processing backup metadata. An...

CVSS 9.1 | EPSS 0.0005
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/01 12:00 a.m. | 2 views

PT-2026-29601

Name of the Vulnerable Software and Affected Versions AIOHTTP versions prior to 3.13.4 Description Insufficient restrictions in header/trailer handling could lead to uncapped memory usage. An application could experience memory exhaustion when processing attacker-controlled requests or responses....

CVSS 6.9 | AI score 5.9 | EPSS 0.0002
Exploits: 0 | References: 7

CNNVD
added 2026/03/31 12:00 a.m. | 3 views

WordPress plugin Ibtana – WordPress Website Builder security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 6.4 | AI score 6 | EPSS 0.00048
Exploits: 0 | References: 5

Positive Technologies
added 2026/03/25 12:00 a.m. | 2 views

PT-2026-27853

Name of the Vulnerable Software and Affected Versions The Grid versions prior to 2.8.0 Description An issue exists in The Grid that allows for Stored Cross-Site Scripting (XSS). This occurs due to improper neutralization of input during web page generation. The vulnerability allows an attacker to...

CVSS 6.5 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 3

NVD
added 2026/03/23 6:16 p.m. | 2 views

CVE-2025-15519

Improper input handling in a modem-management administrative CLI command on TP-Link Archer NX200, NX210, NX500 and NX600 allows crafted input to be executed as part of an operating system command. An authenticated attacker with administrative privileges may execute arbitrary commands on the...

CVSS 8.5 | EPSS 0.00087
Exploits: 0 | References: 5

Snyk
added 2026/03/16 9:18 p.m. | 4 views

Cross-site Scripting (XSS)

Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the ecardmessage handling process. An attacker can inject arbitrary HTML and JavaScript into greeting car...

CVSS 5.4 | AI score 5.7 | EPSS 0.00016
Exploits: 1 | References: 2

OSV
added 2026/03/16 3:30 p.m. | 1 view

GHSA-VGGC-6PG2-XVP9 Vulnogram contains a stored cross-site scripting vulnerability in comment hypertext handling

Vulnogram 1.0.0 contains a stored cross-site scripting vulnerability in comment hypertext handling that allows attackers to inject malicious scripts. Remote attackers can inject XSS payloads through comments to execute arbitrary JavaScript in victims' browsers...

CVSS 6.4 | AI score 5.9 | EPSS 0.00017
Exploits: 0 | References: 5