3257 matches found
CVE-2026-27402
Unauthenticated Cross Site Scripting XSS in Kids Life | Children School WordPress = 5.2 versions...
CVE-2026-27402
CVE-2026-27402 refers to an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress theme set for Kids Life | Children School, affected in versions
CVE-2026-27402 WordPress Kids Life | Children School WordPress theme <= 5.2 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in Kids Life | Children School WordPress = 5.2 versions...
CVE-2023-37524
HCL Traveler for Microsoft Outlook HTMO is susceptible to vulnerabilities due to .NET Framework 4.5 being out of service. Since .NET Framework 4.5 has reached end-of-life and no longer receives security updates, it may expose the application to publicly known security weaknesses through vulnerabl...
PT-2026-53036
Name of the Vulnerable Software and Affected Versions HCL Traveler for Microsoft Outlook HTMO affected versions not specified Description The application is susceptible to security weaknesses because it relies on .NET Framework 4.5, which has reached end-of-life. As this framework no longer...
UBUNTU-CVE-2026-11998
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
EUVD-2026-39080
A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...
CVE-2026-11998
CVE-2026-11998 affects AngularJS SCE (Strict Contextual Escaping) resource URLs. The flaw stems from the URL-matching logic using regular expressions, which can yield partial matches and bypass SCE policies, allowing unsafe values as resource URLs and potentially arbitrary JavaScript execution wi...
PT-2026-52086
Name of the Vulnerable Software and Affected Versions AngularJS versions 1.2.0-rc.3 and later Description A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...
CVE-2026-11772
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-11772 Reflected XSS in DRIMO CMS
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-11772
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
EUVD-2026-38450
DRIMO CMS is vulnerable to Reflected XSS via q parameter in searching functionality. An attacker can prepare an URL that, when opened, results in arbitrary JavaScript execution in the victim's browser. Product is in End Of Life phase and will not receive any updates. However, deleting info.php fi...
CVE-2026-11772
DRIMO CMS is affected by a Reflected XSS in the searching functionality, triggered via the q parameter. The vulnerability allows arbitrary JavaScript execution in the victim’s browser when a crafted URL is opened. The affected software is at end-of-life and no security updates are planned. Mitiga...
Astra Linux – Vulnerability in Apache Log4j1.2
By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter, where the values to be inserted are converted using PatternLayout. The message converter %m is likely to always be included. This allows attackers to manipulate SQL statements by entering crafted...
Thursday, June 18, 2026 Security Releases
Thursday, June 18, 2026 Security Releases UPDATE 2026-06-18 Security releases available Updates are now available for the 26.x, 24.x, 22.x Node.js release lines for the following issues. This security release includes the following dependency updates to address public vulnerabilities: llhttp 9.4....
D-Link Network Attached Storage - Command Injection and Backdoor Account
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nassharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument...
CVE-2026-0419
Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no further security updates are...
CVE-2026-0412
Insufficient input validation vulnerability in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows administrators connected to the local network to make unauthorized modification of router software and functionality. NETGEAR JR6150 reached End-of-Support status in...
CVE-2026-10229
A flaw was found in Assimp, a library used for importing and exporting various 3D model formats. This vulnerability, a heap-based buffer overflow, exists within the HL1MDLLoader::readmeshes function of the Half-Life 1 MDL Loader component. A local attacker could exploit this by providing speciall...