2112 matches found
CVE-2026-30977
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...
CVE-2026-30977 RenderBlocking has Stored XSS in renderblocking-css with Inline Assets mode
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...
EUVD-2026-10714
RenderBlocking is a MediaWiki extension that allows interface administrators to specify render-blocking CSS and JavaScript. Prior to 0.1.1, there is Stored XSS in renderblocking-css with Inline Assets mode. $wgRenderBlockingInlineAssets = true and editsitecss user rights are required. This...
PT-2026-24343
Name of the Vulnerable Software and Affected Versions MediaWiki RenderBlocking versions prior to 0.1.1 Description The RenderBlocking extension for MediaWiki allows interface administrators to specify render-blocking CSS and JavaScript. Prior to version 0.1.1, a Stored Cross-Site Scripting XSS...
RenderBlocking 跨站脚本漏洞
RenderBlocking is a media wiki extension developed by Peter Li, designed to prevent page style changes from occurring intermittently. Versions of RenderBlocking prior to 0.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderblocking-css in the Inline Asse...
GHSA-Q5Q9-2RHP-33QW Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Impact When graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypass the introspection control, allowing unauthenticated users to perform type reconnaissance. schema introspection is not affected. Patches The check was chang...
Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Impact When graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypass the introspection control, allowing unauthenticated users to perform type reconnaissance. schema introspection is not affected. Patches The check was chang...
CVE-2026-30854
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...
CVE-2026-30854
Parse Server vulnerability CVE-2026-30854 affects versions 9.3.1-alpha.3 through before 9.5.0-alpha.10 when graphQLPublicIntrospection is disabled. Nested __type queries inside inline fragments (for example ... on Query { __type(name: "User") { name } }) can bypass introspection controls, enablin...
CVE-2026-30854 Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...
CVE-2026-30854 Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...
CVE-2026-30854 Parse Server: GraphQL `__type` introspection bypass via inline fragments when public introspection is disabled
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. From version 9.3.1-alpha.3 to before version 9.5.0-alpha.10, when graphQLPublicIntrospection is disabled, type queries nested inside inline fragments e.g. ... on Query typename:"User" name bypa...
PT-2026-23874
Name of the Vulnerable Software and Affected Versions Parse Server versions 9.3.1-alpha.3 through 9.5.0-alpha.10 Description Parse Server, an open source backend deployable on Node.js infrastructures, contains an issue where disabling graphQLPublicIntrospection does not fully prevent...
CVE-2026-30238
CVE-2026-30238 affects Group-Office. A reflected XSS in the external/index flow arises from the f parameter (Base64 JSON) being decoded and injected into an inline JavaScript block without strict escaping, enabling arbitrary JavaScript execution in the victim’s browser. Affected versions are prio...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.15-2026-098 (ALASKERNEL-5.15-2026-098)
The version of kernel installed on the remote host is prior to 5.15.201-140.219. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2026-098 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in b...
CVE-2026-2747
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005724)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005724 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005733)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005733 advisory. In the Linux kernel, the following vulnerability has been resolved: btrfs: fix resolving backrefs for inline extent followed by prealloc If a file consists of an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005673)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005673 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written t...
EUVD-2026-9384
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...