38 matches found

CVE
added 2026/03/19 10:4 p.m. · 9 views

CVE-2026-33393

Discourse contains a vulnerability in the spam protection check for allowed_spam_host_domains. Before versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the check used String#end_with? without domain boundary validation, permitting a suffix-bypass such as attacker-example.com when example.com wa...

4.3 CVSS · 5.8 AI score · 0.00251 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2026/02/01 1:15 p.m. · 3 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

5.4 CVSS · 5.8 AI score · 0.00289 EPSS
Exploits 1 · References 3

NVD
added 2026/02/01 1:15 p.m. · 7 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4 CVSS · 0.00289 EPSS
Exploits 1 · References 3

EUVD
added 2026/02/01 12:15 p.m. · 5 views

EUVD-2021-34754

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4 CVSS · 5.9 AI score · 0.00289 EPSS
Exploits 1 · References 3

Cvelist
added 2026/02/01 12:15 p.m. · 29 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4 CVSS · 0.00289 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2026/02/01 12:15 p.m. · 3 views

CVE-2021-47917

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4 CVSS · 5.9 AI score · 0.00289 EPSS
Exploits 1 · References 3 · Affected Software 1

Vulnrichment
added 2026/02/01 12:15 p.m. · 3 views

CVE-2021-47917 Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters

Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading...

6.4 CVSS · 5.2 AI score · 0.00289 EPSS
Exploits 1 · References 3

Tenable Nessus
added 2026/01/16 12:0 a.m. · 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000875)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000875 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...

4.7 CVSS · 6.1 AI score · 0.00452 EPSS
Exploits 2 · References 10

Tenable Nessus
added 2026/01/15 12:0 a.m. · 3 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002312)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002312 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...

4.7 CVSS · 6.1 AI score · 0.00452 EPSS
Exploits 2 · References 10

Tenable Nessus
added 2026/01/15 12:0 a.m. · 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002188)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002188 advisory. The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol...

7 CVSS · 6.5 AI score · 0.0123 EPSS
Exploits 0 · References 23

Tenable Nessus
added 2026/01/15 12:0 a.m. · 3 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001826)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001826 advisory. Memory leak in the unshare_userns function in kernel/user_namespace.c in the Linux kernel before 3.10.6 allows local users to cause a denial of service memory...

4.7 CVSS · 6.1 AI score · 0.00452 EPSS
Exploits 2 · References 10

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-21926

Malicious code in bioql PyPI...

6.1 CVSS · 6.6 AI score · 0.00394 EPSS
Exploits 1 · References 1

RedHat Linux
added 2025/07/07 2:28 a.m. · 3 views

webkitgtk: Improper access management to CLONE_NEWUSER and the TIOCSTI ioctl

A flaw was found in webkitgtk in versions prior to 2.28.3 and in WPE WebKit in versions prior to 2.28.3. The bubblewrap sandbox failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside...

10 CVSS · 6.8 AI score · 0.02917 EPSS
Exploits 0 · References 5

OSV
added 2024/07/22 10:15 p.m. · 2 views

CVE-2024-24507

Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component...

6.1 CVSS · 6.1 AI score · 0.00394 EPSS
Exploits 1 · References 1

CVE
added 2024/07/22 12:0 a.m. · 70 views

CVE-2024-24507

Act-On (v2023) is affected by a Cross Site Scripting vulnerability in the login.jsp component, exploitable via the newUser parameter. The issue enables a remote attacker to execute arbitrary code through XSS. The vulnerability is documented across multiple sources (Act-On context; login.jsp; newU...

6.1 CVSS · 7.3 AI score · 0.00394 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2024/07/22 12:0 a.m. · 4 views

Act-On Security Vulnerability

Act-On is an email marketing automation platform for businesses from Act-On, Inc. in the United States. A security vulnerability exists in Act-On version 2023. A remote attacker can exploit the vulnerability to execute arbitrary code via the newUser parameter in the login.jsp component...

6.1 CVSS · 7.8 AI score · 0.00394 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/07/22 12:0 a.m. · 5 views

PT-2024-20427 · Act-On · Act-On

Name of the Vulnerable Software and Affected Versions: Act-On version 2023 Description: The issue allows a remote attacker to execute arbitrary code via the newUser parameter in the "login.jsp" component. This enables the attacker to perform Cross Site Scripting attacks. Recommendations: For Act-...

6.1 CVSS · 7.6 AI score · 0.00394 EPSS
Exploits 1 · References 5

Vulnrichment
added 2024/07/22 12:0 a.m. · 11 views

CVE-2024-24507

Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component...

7.3 AI score · 0.00394 EPSS
Exploits 1 · References 1

BDU FSTEC
added 2022/03/31 12:0 a.m. · 9 views

The vulnerability of the nf_tables module of the netfilter subsystem in Linux operating systems allows attackers to increase their privileges.

The vulnerability of the nf_tables module in the netfilter subsystem of Linux kernel operating systems is related to the operation of writing data beyond the buffer boundaries when processing indexes. Exploiting this vulnerability can allow attackers to enhance their privileges by calling...

6.6 CVSS · 6.8 AI score · 0.01467 EPSS
Exploits 10 · References 20 · Affected Software 8

Prion
added 2020/01/09 8:15 p.m. · 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & sFlow Analyzer 8.6.2.16204, and possibly other versions before 9.0.1.19899, allows remote attackers to inject arbitrary web script or HTML via the newUser parameter. NOTE: this might not ...

4.3 CVSS · 6.1 AI score · 0.02256 EPSS
Exploits 5 · References 5 · Affected Software 1