18 matches found

Cvelist
added 2026/05/11 7:55 p.m., 27 views

CVE-2026-42887 Audiobookshelf: Stored Cross-Site Scripting in Login Page Custom Message

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5 CVSS, 0.00032 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/05/11 12:0 a.m., 6 views

PT-2026-39752

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLoginCustomMessage field of the /api/auth-settings endpoint. An attacker with administrative privileges c...

4.5 CVSS, 5.8 AI score, 0.00032 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2026/04/17 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007586)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007586 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move NPIV's transport unregistration to after resource clean up There are cases after...

4.7 CVSS, 6.3 AI score, 0.00029 EPSS
Exploits: 0, References: 4
RedhatCVE
added 2026/03/26 3:7 p.m., 3 views

CVE-2026-31822

Sylius is an Open Source eCommerce Framework on Symfony. A cross-site scripting (XSS) vulnerability exists in the shop checkout login form handled by the ApiLoginController Stimulus controller. When a login attempt fails, AuthenticationFailureHandler returns a JSON response whose message field is...

6.1 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/10 12:0 a.m., 3 views

Sylius Cross-Site Scripting Vulnerability

Sylius is an open-source e-commerce platform developed by the Polish company Sylius, based on the Symfony framework. Sylius has a cross-site scripting vulnerability. This vulnerability arises from the use of the innerHTML method to render the message field in the login form during checkout, which...

6.1 CVSS, 5.6 AI score, 0.00051 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2026/01/07 9:54 a.m., 7 views

CVE-2025-1396

A username enumeration vulnerability exists in multiple WSO2 products when Multi-Attribute Login is enabled. In this configuration, the system returns a distinct "User does not exist" error message to the login form, regardless of the validateusername setting. This behavior allows malicious actor...

5.3 CVSS, 6.8 AI score, 0.00033 EPSS
Exploits: 0, References: 1
OSV
added 2025/11/17 6:15 p.m., 3 views

GHSA-7XVH-C266-CFR5 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via welcome message

Description: Since version 4.12.0, Dependency-Track users with the SYSTEM_CONFIGURATION permission can configure a "welcome message", which is HTML that is to be rendered on the login page for branding purposes. When rendering the welcome message, Dependency-Track versions before 4.13.6 did not...

4.8 CVSS, 7 AI score, 0.00025 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2012-3398

Malware in sbrugna...

4.3 CVSS, 6.4 AI score, 0.00343 EPSS
Exploits: 0, References: 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-1531

Malicious code in bioql PyPI...

5.2 CVSS, 6.6 AI score, 0.00209 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/01/15 12:0 a.m., 2 views

PT-2025-1189

Name of the Vulnerable Software and Affected Versions: MGate 5121/5122/5123 Series firmware version v1.0. Description: A stored Cross-site Scripting (XSS) vulnerability exists due to insufficient sanitization and encoding of user input in the Login Message functionality. An authenticated attacker with...

5.2 CVSS, 5.8 AI score, 0.00209 EPSS
Exploits: 0, References: 7
Citrix
added 2023/08/25 12:0 a.m., 5 views

NetScaler ns.log "Failed to process setclient for id , user due to "<license limit reached>""

Customer finds following message in /var/log/ns.log, which indicates some gateway users failed to login: Aug 14 09:17:01 x.x.x.x 08/14/2023:01:17:01 GMT xxxxxxx 0-PPE-5 : default SSLVPN Message 503230 0 : "Failed to process setclient for id , user due to " "...

7.1 AI score
Exploits: 0
OSV
added 2023/06/28 3:15 p.m., 1 views

CVE-2023-20108

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the...

7.5 CVSS, 5.8 AI score, 0.00357 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2023/06/07 4:0 p.m., 0 views

CVE-2023-20108

A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&P users who are attempting to authenticate to the...

7.5 CVSS, 7.2 AI score, 0.00357 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2022/04/21 12:0 a.m., 1 views

GLPI Cross-Site Scripting Vulnerability

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...

5.4 CVSS, 7 AI score, 0.00311 EPSS
Exploits: 0, References: 6
OSV
added 2021/03/11 7:15 p.m., 2 views

CVE-2020-14988

An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML elements, the translations menu via the foldername parameter, the author page via the link URL, or the...

5.4 CVSS, 6.1 AI score
Exploits: 0, References: 1
Kitploit
added 2020/11/19 10:30 a.m., 42 views

Kali Linux 2020.4 - Penetration Testing and Ethical Hacking Linux Distribution

Time for another Kali Linux release! – Kali Linux 2020.4. This release has various impressive updates: ZSH is the new default shell – We said it was happening last time, Now it has. ZSH. Is. Now. Default. Bash shell makeover – It may not function like ZSH, but now Bash looks like ZSH. Partnership...

7.2 AI score
Exploits: 0
OSV
added 2018/05/08 3:29 p.m., 1 views

DEBIAN-CVE-2018-1000179

A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 in the quasselcore void CoreAuthHandler::handle(const Login &msg) (coreauthhandler.cpp line 235) that allows an attacker to cause a denial of service...

7.5 CVSS, 6.8 AI score, 0.00568 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2006/07/20 1:1 p.m., 32 views

Low: Red Hat Security Advisory: openssh security update

Updated openssh packages that fix bugs in sshd are now available for Red Hat Enterprise Linux 3. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This package includes the core files...

7.5 CVSS, 7 AI score, 0.09637 EPSS
Exploits: 2, References: 5