CVE-2026-44633 Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

Live Helper Chat is an open-source application that enables live support websites. In 4.84v, the Live Helper Chat REST API chat update endpoint allows a REST user with lhchat/use to update a chat in a department they cannot read. The endpoint accepts arbitrary chat object fields, so the user can...

Linux Distros Unpatched Vulnerability : CVE-2025-41117

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious...

EUVD-2020-4744

Malware in sbrugna...

EUVD-2012-4143

Malware in sbrugna...

EUVD-2023-43146

Malicious code in bioql PyPI...

GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token

GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...

PT-2025-5784 · Ibm · Ibm Applinx

Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...

CVE-2023-32751

Pydio Cells through 4.1.2 allows XSS. Pydio Cells implements the download of files using presigned URLs which are generated using the Amazon AWS SDK for JavaScript 1. The secrets used to sign these URLs are hardcoded and exposed through the JavaScript files of the web application. Therefore, it i...

Provide Server 14.4 XSS / Cross Site Request Forgery / Code Execution

Provide Server v. 14.4 CVE-2023-23286 Vulnerabilities: CWE-79: Improper Neutralization of Input During Web Page Generation Unauthenticated stored XSS in server-log delivered via username field from login-form CWE-352: Cross-Site Request Forgery CSRF-token exposed in javascript, making it possible...

SUSE CVE-2007-2164

Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service browser crash or abort via JavaScript that matches a regular expression against a long string, as demonstrated using /./...

PT-2021-20839 · Zimbra · Zimbra Web Client +1

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions 8.8.0 through 8.8.15 Patch 22 Zimbra Collaboration Suite versions 9.0.0 through 9.0.0 Patch 15 Description: A security issue exists in the login component of Zimbra Web Client, where an attacker can execute...

Дырка в WebSphere

Возможно компрометация 3й строной за счет URL содержащей javascript http://our.websphere.server/../scriptalert'helloworld'/script...