11402 matches found
pdfmake is vulnerable to server-side request forgery (SSRF)
Server-Side Request Forgery SSRF vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy method allowing server operato...
CVE-2026-29177
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...
CVE-2026-29177
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...
CVE-2026-29177
Summary of vulnerability (CVE-2026-29177) : Craft Commerce for Craft CMS has a stored XSS flaw in the Order Details slideout. User-supplied input in fields such as the Shipping Method Name, Order Reference, or Site Name can inject JavaScript that executes when a user opens the order details via d...
CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...
CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...
CVE-2026-29177 Craft Commerce has Stored XSS in Craft Commerce Order Details Slideout
Craft Commerce is an ecommerce platform for Craft CMS. Prior to 4.10.2 and 5.5.3, a Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the ord...
GHSA-MJ32-R678-7MVP Craft Commerce has stored XSS in Craft Commerce Order Details Slideout
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the order details slideout via a double-click on the order index page, the inject...
Cross-site Scripting (XSS)
Overview craftcms/commerce is a Craft Commerce Affected versions of this package are vulnerable to Cross-site Scripting XSS in the processing of order details in the slideout interface when user-supplied input is rendered without proper sanitization in fields such as Shipping Method Name, Order...
Craft Commerce has stored XSS in Craft Commerce Order Details Slideout
Summary A Stored Cross-Site Scripting XSS vulnerability exists in the Craft Commerce Order details. Malicious JavaScript can be injected via the Shipping Method Name, Order Reference, or Site Name. When a user opens the order details slideout via a double-click on the order index page, the inject...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...
CVE-2026-31795 iccDEV has a stack buffer overflow write in CIccXform3DLut::Apply()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow write in CIccXform3DLut::Apply corrupting stack memory or crash. This vulnerability is fixed in 2.3.1.5...
EUVD-2026-10734
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5...
CVE-2026-30987 iccDEV has a stack buffer overflow in CIccTagNum<(icTagTypeSignature)>::GetValues()
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a stack buffer overflow in CIccTagNum::GetValues causing stack memory corruption or crash. This vulnerability is fixed in 2.3.1.5...
CVE-2026-30986
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5...
EUVD-2026-10732
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to 2.3.1.5, there is a heap-based buffer overflow write in CIccMatrixMath::SetRange causing memory corruption or crash. This vulnerability is fixed in 2.3.1.5...
EUVD-2026-10542
Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.1, The TimescaleDB export module constructs SQL queries using string concatenation with unsanitized system monitoring data. The normalize method wraps string values in single quotes but does not escape embedded single...
CVE-2026-30930
CVE-2026-30930 affects Glances prior to version 4.5.1. The TimescaleDB export module builds SQL queries by concatenating unsanitized system-monitoring data. The normalize() function wraps values in single quotes but does not escape embedded quotes, allowing SQL injection via attacker-controlled d...
CVE-2026-3483
An exposed dangerous method in Ivanti DSM before version 2026.1.1 allows a local authenticated attacker to escalate their privileges...