EUVD-2026-30371

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

EUVD-2026-12598

The GL-iNet Comet GL-RM1 KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification...

GHSA-MMF8-487Q-P45M Striae has a hash validation utility vulnerability

Summary A high-severity integrity bypass vulnerability existed in Striae's digital confirmation workflow prior to v3.0.0. Hash-only validation trusted manifest hash fields that could be modified together with package content, allowing tampered confirmation packages to pass integrity checks. Impac...

Unspecified vulnerability in Kentico Xperience (CNVD-2026-04264)

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a security vulnerability that can be exploited by an attacker to cause URL hashes to be tampered with...