CVE-2025-40901
CVE-2025-40901 describes a stored HTML injection in the Credentials Manager (Guardian/CMC) prior to 26.1.0. The root cause is improper validation of an input parameter, allowing an administrator to define an identity containing HTML tags. When a victim deletes that identity, the injected HTML c...
IBM Guardium Data Protection Cross-Site Scripting Vulnerability
IBM Guardium Data Protection is a data security and activity monitoring platform for database auditing, vulnerability assessment and compliance management. A cross-site scripting vulnerability exists in IBM Guardium Data Protection. The vulnerability stems from the failure of the Web UI to proper...
CVE-2026-4897
A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the...
GHSA-7J2X-32W6-P43P SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
Summary The ensureSize function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of s...
CVE-2026-32322 soroban-sdk: `Fr` scalar field equality comparison bypasses modular reduction
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, the Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
phpFox Security Vulnerabilities
phpFox is a social networking platform from phpFox Inc. A security vulnerability exists in phpFox 4.8.13 and earlier versions, which stems from user input passed to the /core/redirect route via a url request parameter that is not properly sanitized before being passed to the PHP unserialize function,...
Dell SRS Policy Manager Code Issue Vulnerability
Dell SRS Policy Manager is an application from Dell USA. It provides Dell policy management features. A security vulnerability exists in SRS Policy Manager 6.X. The vulnerability stems from a misconfigured XML parser that fails to perform sufficient validation when processing user-supplied DTD...
Unvalidated DOM redirect
Web applications occasionally use DOM input values to store the address of the page to which the client will be redirected -- for example: yoursite.com//?redirect=www.yoursite.com/404.asp An unvalidated redirect occurs when the client is able to modify the affected parameter value and thus contro...
Multiple vulnerabilities in Drupal Registration codes module
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. Registration codes is one of the modules that provides users with a valid registration code when they register a new account on the site. A cross-site scripting vulnerability and a...