FreeBSD : qt6-webengine -- multiple vulnerabilities (738f5590-550c-11f1-9f97-3fa0ea3edd7d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 738f5590-550c-11f1-9f97-3fa0ea3edd7d advisory. Qt qtwebengine-chromium repo reports: Backports for 262 security bugs in Chromium: Tenable has...

PT-2026-42469

Name of the Vulnerable Software and Affected Versions Apex One/SEP agent affected versions not specified Description An origin validation error in the process protection mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must first have the ability to...

EUVD-2026-31180

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVE-2026-35009

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVE-2026-35009 Open ISES Tickets < 3.44.2 Reflected XSS via add_note.php ticket_id Parameter

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnote.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacker...

CVE-2026-35009

Open ISES Tickets prior to 3.44.2 is affected by a reflected XSS in add_note.php via the ticket_id GET parameter. An attacker who is authenticated can craft a URL containing a JavaScript payload in ticket_id, which is then injected into a hidden input VALUE attribute and can execute in the victim...

GO-2026-4993 SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink (incomplete fix for CVE-2026-34585) in github.com/siyuan-note/siyuan/kernel

SiYuan: Electron Renderer RCE via decodeURIComponent-driven tooltip XSS in aria-label sink incomplete fix for CVE-2026-34585 in github.com/siyuan-note/siyuan/kernel...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if extcaps is valid in BL setup. LVDS connectors do not have extended backlight caps; therefore, check whether the pointer is valid before accessing it. Selected from commit...

PT-2026-42251

Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add note.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket id GET parameter directly into a hidden input field VALUE attribute...

tickets 跨站脚本漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from a reflection-based cross-site scripting flaw in the addnote.php file. It could...

CVE-2026-34358

creationtimestamp| type| source ---|---|--- 2026-05-19 23:01:48+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mmaioiuwkz2g 2026-05-19 23:07:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmaiyukcv72p...

CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

CVE-2026-34600 Joplin Server delta API returns note content after share access is revoked

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

CVE-2026-34600

CVE-2026-34600 affects Joplin (note-taking app). Versions

CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVE-2025-57798

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

EUVD-2025-209900

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVE-2025-57798 Joplin has Denial of Service (DoS) via Uncontrolled Resource Allocation through Title Input

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service DoS vulnerability in the title input functionality due to a lack of proper length validation. This flaw allows an attacker to cause an Ou...

CVE-2025-57798

CVE-2025-57798 affects Joplin

CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...