12 matches found
CVE-2026-27963
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2026-27963 Audiobookshelf has Stored XSS in Tooltip.vue via Audiobook Metadata
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2026-27973
Audiobookshelf (mobile app) prior to 0.12.0-beta is affected by a stored cross-site scripting (XSS) vulnerability via malicious library metadata that allows arbitrary JavaScript execution in victim users’ browsers/WebViews. According to the advisory, attackers with library modification privileges...
PT-2026-22118
Audiobookshelf is a self-hosted audiobook and podcast server. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.32.0 of the Audiobookshelf web application that allows arbitrary JavaScript execution through malicious library metadata. Attackers with library modification...
CVE-2025-64642
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...
CVE-2025-64642 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...
Malicious code in ahmedsamir (npm)
Source: amazon-inspector (d527f7646e9964e0df01a63bb18b2c08b1f114b359f497c0cc28e91574d2bf3b). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-144384 Malicious code in library-prettier-plugin-markdown-alphard-betelgeuse (npm)
Source: amazon-inspector (5dc7128ddccd3f81a83c4a91ce2bfe6370036f9430a0229bb9548409a2beeb82). This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
fcovatti libiec_iccp_mod Buffer Error Vulnerability
libiec_iccp_mod is used to modify the libiec61850 MMS library to use the ICCP client. A buffer error vulnerability exists in fcovatti libiec_iccp_mod, which stems from the product's failure to properly handle certain special packets. An attacker could cause a denial of service via this vulnerability...
UniFi Video Code Issue Vulnerability
UniFi Video is an integrated IP video management surveillance system. A security vulnerability exists in Ubiquiti UniFi Video v3.10.13, which allows emulation and modification of the library to execute code on the system...
Emerson Electric DeltaV Privilege Mismanagement Vulnerability
Emerson Electric DeltaV is a digital automation system from Emerson Electric USA. The system offers I/O on-demand configuration, embedded intelligent control, and alarm panels. A security vulnerability exists in Emerson Electric DeltaV. An attacker could use this vulnerability to modify executabl...
RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation
// source: https://www.securityfocus.com/bid/8571/info The configuration files for the RealOne Player are installed in a hidden folder in a user's home directory. The issue presents itself, because...