46 matches found
CVE-2026-43887
Outline is a collaborative documentation service. From 0.84.0 to 1.6.1, the comment feature allows mentions of other users, but the backend does not validate or sanitize the href of mentions, permitting dangerous protocols (e.g., javascript:) to slip through and enable client-side code execution....
the-hazardous-interface
No d...
Echo Specto CM Code Issue Vulnerability
Echo Specto CM is a call center management system from Echo Turkey. A code issue vulnerability exists in versions prior to Echo Specto CM 17032025, which stems from an unrestricted upload of hazardous types of files, which could lead to remote code inclusion...
Malicious code in indah-gado-gado57-riris (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 320b9a836d285da336b24310325919817a8ca44ea136fb90168cf37022c63b75 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
WordPress plugin Drop Uploader for CF7 - Drag&Drop File Uploader Addon Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin.... WordPress...
Summar Portal del Empleado Code Issue Vulnerability
Summar Portal del Empleado is an employee portal system from Summar Spain. A code issue vulnerability exists in Summar Portal del Empleado that stems from an unrestricted hazardous file type upload that could result in the upload of malicious files via the parameter...
Malicious code in snap-score-meaning386 (npm)
The package snap-score-meaning386 was found to contain malicious code...
SATO CL4/6NX Plus and SATO CL4/6NX-J Plus Code Issue Vulnerability
SATO CL4/6NX Plus and SATO CL4/6NX-J Plus are both series of smart industrial label printers from SATO Japan. A code issue vulnerability exists in the SATO CL4/6NX Plus and SATO CL4/6NX-J Plus versions prior to 1.15.5-r1, which stems from the fact that uploading a specially crafted hazardous file...
AGENTSAFE: Benchmarking the Safety of Embodied Agents on Hazardous Instructions
The rapid advancement of vision-language models VLMs and their integration into embodied agents have unlocked powerful capabilities for decision-making. However, as these systems are increasingly deployed in real-world environments, they face mounting safety concerns, particularly when responding...
CISA: Waterside Security of Especially Hazardous Cargoes (EHC)
Hazardous Method or Function Vulnerability Exposed by Siemens SINEC Traffic Analyzer
SINEC Traffic Analyzer is an on-premise application that monitors PNIO PROFINET IO communication between controllers and IO devices. The software detects PROFINET communication problems and reports them to the user via Web-UI. Siemens SINEC Traffic Analyzer has an exposed dangerous method or...
CVE-2024-22338 IBM Security Verify Access OIDC Provider information disclosure
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: 279978...
Security Bulletin: A Security Vulnerability was discovered in the IBM Security Verify Access OpenID Connect Provider (CVE-2024-22338)
Summary The IBM Security Verify Access OpenID Connect Provider could disclose sensitive information to a local user. This has been addressed in the OIDC Provider 23.12. Vulnerability Details CVEID:CVE-2024-22338 DESCRIPTION: IBM Security Verify Access OIDC Provider could disclose sensitive...
CVE-2022-22384
IBM Security Verify Privilege On-Premises 11.5 could allow an attacker to modify messages returned from the server due to hazardous input validation. IBM X-Force ID: 221961...
Security Bulletin: IBM Security Guardium is affected by a Hazardous Input Validation vulnerability (CVE-2022-43903)
Summary IBM Security Guardium has addressed this vulnerability. Vulnerability Details CVEID:CVE-2022-43903 DESCRIPTION: IBM Security Guardium could allow an authenticated user to cause a denial of service due to improper input validation. CVSS Base score: 4.3 CVSS Temporal Score: See:...
Event Ticketing System 1.0 Cross Site Scripting
Title: Event Ticketing System-1.0 XSS-Reflected - RCE Author: nu11secur1ty Date: 09/08/2023 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-ticketing-system/sectionDemo Reference: https://portswigger.net/web-security/cross-site-scripting/reflected Description: The...
Desdev DedeCMS Code Issue Vulnerability
Desdev DedeCMS Dream Weaving Content Management System is a PHP-based open-source content management system CMS of China Zhuozhuo network Desdev company. The system has content publishing, content management, content editing and content retrieval functions. A code issue vulnerability exists in...
Security Bulletin: IBM QRadar SIEM is vulnerable to Hazardous Input Validation (CVE-2023-26273)
Summary IBM QRadar SIEM could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM QRadar SIEM has addressed the applicable vulnerability. Vulnerability Details CVEID:CVE-2023-26273 DESCRIPTION: IBM QRadar could allow an authenticated user to perform...
CVE-2023-26273
IBM QRadar SIEM 7.5.0 could allow an authenticated user to perform unauthorized actions due to hazardous input validation. IBM X-Force ID: 248134...
Security Bulletin: IBM Guardium Data Encryption (GDE) has a vulnerability (CVE-2021-39022), related to hazardous input.
Summary Vulnerability identified in IBM Guardium Data Encryption GDE, related to hazardous input. Please apply the latest version for the fixes. Vulnerability Details CVEID: CVE-2021-39022 DESCRIPTION: IBM Guardium Data Encryption GDE saves user-provided information into a Comma-Separated Value C...