EUVD-2022-55996

Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower with VG4.2 partially affected contain a network message handling vulnerability that allows remote attackers to inject spoofed or tampered data and cause denial-of-service condition...

CVE-2026-36228

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

EUVD-2026-31472

Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality...

kea security update

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DHCP implementation from Internet Systems Consortium, Inc. that features fully...

CVE-2026-24511

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.6 and versions 9.11.0.0 through 9.13.0.0, contains a generation of error message containing sensitive information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information...

Security update for python-aiohttp

This update for python-aiohttp fixes the following issues: CVE-2025-69228: Fixed denial of service through large payloads bsc1256022. CVE-2025-69226: Fixed brute-force leak of internal static file path components bsc1256020. CVE-2025-69224: Fixed unicode processing of header values could cause...

GHSA-J5MF-6RH3-RHGG CleverTap Web SDK is vulnerable to DOM-based XSS via handleCustomHtmlPreviewPostMessageEvent function

CleverTap Web SDK version 1.15.2 and earlier is vulnerable to Cross-site Scripting XSS via window.postMessage. The handleCustomHtmlPreviewPostMessageEvent function in src/util/campaignRender/nativeDisplay.js performs insufficient origin validation using the includes method, which can be bypassed ...

CVE-2026-24903

OrcaStatLLM Researcher is an LLM Based Research Paper Generator. A Stored Cross-Site Scripting XSS vulnerability was discovered in the Log Message in the Session Page in OrcaStatLLM-Researcher that allows attackers to inject and execute arbitrary JavaScript code in victims' browsers through...

Multiple vulnerabilities in Cybozu Garoon

Overview Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-3687Cross-site scripting vulnerability in E-mail CWE-79 - CVE-2026-20711 CyVDB-3689Cross-site scripting vulnerability in Message CWE-79 - CVE-2026-22881 CyVDB-3995Improper input verification in...

CVE-2026-1625

CVE-2026-1625 affects D-Link DWR-M961 firmware 1.1.47. The vulnerability is in the SMS Message component, specifically sub_4250E0 in /boafrm/formSmsManage, where manipulating the action_value argument leads to command injection. The attack can be initiated remotely and an exploit is public. The c...

MetaGPT code issues and vulnerabilities

MetaGPT is a multi-agent framework developed by MetaGPT Inc. There are code issues and vulnerabilities in MetaGPT; these vulnerabilities stem from the deserializemessage function’s lack of verification of the data provided by users, which may lead to the deserialization of untrusted data and remo...

MiracleLinux 9 : skopeo-1.16.1-1.el9 (AXSA:2024-9102:06)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9102:06 advisory. containers/image: digest type does not guarantee valid type CVE-2024-3727 golang: net: malformed DNS message can cause infinite loop CVE-2024-24788...

CVE-2021-33576

An issue was discovered in Cleo LexiCom 5.5.0.0. Within the AS2 message, the sender can specify a filename. This filename can include path-traversal characters, allowing the file to be written to an arbitrary location on disk...

WordPress Social Media Auto Publish plugin <= 3.6.5 - Reflected Cross-Site Scripting via PostMessage vulnerability

Reflected Cross-Site Scripting via PostMessage vulnerability discovered by Nicolai Hellesnes nico in WordPress Plugin Social Media Auto Publish versions = 3.6.5...

Cross-site Request Forgery (CSRF)

Apollo Studio Embeddable Explorer & Embeddable Sandbox are vulnerable to cross-site request forgery CSRF. The vulnerability is due to missing origin validation in the client-side handling of window.postMessage events, which allows an attacker to send forged messages that trigger arbitrary GraphQL...

CVE-2025-12064

The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PostMessage in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

Cross-site Scripting (XSS)

@lobehub/cha is vulnerable to a Cross-Site Scripting XSS. The vulnerability is due to unsafe SVG rendering due to SVGRenderer using dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...

CVE-2025-62694 Stored XSS through a system message

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in The Wikimedia Foundation Mediawiki - WikiLove Extension allows Stored XSS.This issue affects Mediawiki - WikiLove Extension: 1.39...

CVE-2025-62664

The CVE-2025-62664 entry describes a Stored XSS in the Wikimedia Foundation Mediawiki ImageRating Extension, exploitable via improper input neutralization in image rating-related functionality. Affected is the ImageRating Extension from master before version 1.39. The connected sources corroborat...

EUVD-2020-25876

Malware in sbrugna...