CVE-2026-25200

A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentication, leading to Stored XSS, which can result in account takeover This issue affects MagicINFO 9 Server: less than 21.1090.1...

CVE-2026-25200

Summary: MagicInfo9 Server contains a vulnerability that allows authorized users to upload HTML files without authentication, leading to Stored XSS and potential account takeover. Affected versions: MagicINFO 9 Server

Innomic VibroLine Series 访问控制错误漏洞

The Innomic VibroLine Series is a professional vibration measurement and analysis system developed by the German company Innomic. The Innomic VibroLine Series has a access control vulnerability; this vulnerability arises from the possibility that unverified remote attackers can switch between...

Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2026-1120)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

TikiWiki 17.1 Cross Site Scripting

A cross site scripting vulnerability exists in TikiWiki CMS version 17.1. The vulnerability allows remote attackers to inject arbitrary web script or HTML. This issue is older research added to the archive...

EUVD-2026-5000

HotCRP is conference review software. HotCRP versions from October 2025 through January 2026 delivered documents of all types with inline Content-Disposition, causing them to be rendered in the user’s browser rather than downloaded. The intended behavior was for only text/plain, application/pdf,...

CVE-2025-63658

A stack overflow in the mkhttpindexlookup function mkserver/mkhttp.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

SUSE CVE-2026-1504

Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: High...

ROS-20260129-73-0073

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

ROS-20260129-73-0074

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

ROS-20260129-73-0075

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

Cacti security vulnerabilities

Cacti is a set of open-source network traffic monitoring and analysis tools developed by the Cacti team. This tool retrieves data using SNMPGet, generates graphs with RRDTool for analysis, and provides features for data management and user administration. Cacti versions 1.2.29 and earlier contain...

PT-2026-5341

Name of the Vulnerable Software and Affected Versions Monkey versions prior to commit f37e984 Description A flaw exists in the mk http range parse function located in mk server/mk http.c that can lead to a Denial of Service DoS. This occurs when a specially crafted HTTP request is sent to the...

ROS-20260129-73-0060

A vulnerability in the WebGPU component of Google Chrome and Microsoft Edge browsers is related to memory usage after it is freed. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

CVE-2025-66488 Discourse allows script execution in uploaded HTML/XML files on S3

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVE-2025-69517

An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agentid parameter accepts up to 255 characters and is improperly sanitized...

CVE-2026-1391 Vzaar Media Management <= 1.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Vzaar Media Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on the $SERVER'PHPSELF' variable. This makes it possible for unauthenticated attackers to inject...

PT-2026-5176

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

CVE-2026-24736

Squidex (up to 7.21.0) is vulnerable to a Server-Side Request Forgery (SSRF) in the Webhook configuration. The url parameter used by Rules engine webhooks does not validate destination IPs, allowing local addresses (e.g., 127.0.0.1, localhost). When a rule triggers, the backend makes an HTTP requ...

php: PHP Hostname Null Character Vulnerability

A flaw was found in PHP. The fsockopen function and related functions fail to validate NULL characters within the provided hostname, potentially leading to unexpected behavior during parsing. This flaw allows a network attacker to supply a specially crafted hostname. This issue can result in a...