
3074 matches found

OSV
added 2026/02/06 7:3 p.m. | 3 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting (XSS) vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

CVSS 4.6 | AI score 5.5 | EPSS 0.00016
Exploits: 1 | References: 4

Vulnrichment
added 2026/02/04 4:8 p.m. | 3 views

CVE-2026-23086 vsock/virtio: cap TX credit to local buffer size

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peer_buf_alloc, which is set from the remote endpoint's SO_VM_SOCKETS_BUFFER_SIZE value. On the host side this means that the...

AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 5

RedhatCVE
added 2026/02/04 1:20 p.m. | 3 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00011
Exploits: 0 | References: 1

OSV
added 2026/02/03 8:37 p.m. | 2 views

GO-2026-4343 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel

SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon in github.com/siyuan-note/siyuan/kernel...

CVSS 6.1 | AI score 5.2 | EPSS 0.00065
Exploits: 1 | References: 4

ATTACKERKB
added 2026/02/03 2:31 p.m. | 1 view

CVE-2025-5319

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Informatics and Communication Technologies Industry and Trade Ltd. Co. DIGITA Efficiency Management System allows SQL Injection. This issue affects DIGITA Efficiency Management System: through...

CVSS 9.8 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 3

EUVD
added 2026/02/03 2:31 p.m. | 1 view

EUVD-2025-206734

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Emit Information and Communication Technologies Industry and Trade Ltd. Co. Efficiency Management System allows SQL Injection. This issue affects Efficiency Management System: through 03022026. NOTE...

CVSS 9.8 | AI score 5.6 | EPSS 0.00019
Exploits: 0 | References: 1

Cvelist
added 2026/02/03 12:15 p.m. | 27 views

CVE-2025-6397 XSS in Ankara Hosting's web site

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ankara Hosting Website Design Website Software allows Reflected XSS. This issue affects Website Software: through 03022026. NOTE: The vendor was contacted early about this disclosure but did...

CVSS 8.6 | EPSS 0.00082
Exploits: 0 | References: 2

Cvelist
added 2026/02/03 6:38 a.m. | 25 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

CVSS 5.4 | EPSS 0.00011
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/03 6:38 a.m. | 5 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00011
Exploits: 0 | References: 7

CVE
added 2026/02/03 6:38 a.m. | 17 views

CVE-2026-1447

Summary: The Mail Mint plugin for WordPress (versions ≤ 1.19.2) is affected by a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the create_or_update_note function. This can allow unauthenticated attackers to create or update contact notes by tricking an administrator, with t...

CVSS 5.4 | AI score 5.3 | EPSS 0.00011
Exploits: 0 | References: 6

EUVD
added 2026/02/03 6:38 a.m. | 5 views

EUVD-2026-5291

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

CVSS 5.4 | AI score 5.3 | EPSS 0.00011
Exploits: 0 | References: 6

Positive Technologies
added 2026/02/02 12:0 a.m. | 7 views

PT-2026-5763

Name of the Vulnerable Software and Affected Versions: ingress-nginx (affected versions not specified). Description: A denial of service condition exists in the validating admission controller feature. Sending large requests to the validating admission controller can lead to excessive memory...

CVSS 6.5 | AI score 5.3 | EPSS 0.0004
Exploits: 1 | References: 17

Positive Technologies
added 2026/02/02 12:0 a.m. | 4 views

PT-2026-5760

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.13.7; ingress-nginx versions 1.14.0 through 1.14.3. Description: The nginx.ingress.kubernetes.io/auth-method Ingress annotation in ingress-nginx can be exploited to inject configuration into nginx. This can lead...

CVSS 8.8 | AI score 6.2 | EPSS 0.0006
Exploits: 0 | References: 21

Positive Technologies
added 2026/02/02 12:0 a.m. | 2 views

PT-2026-5762

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to 1.11.4; ingress-nginx versions prior to 1.12.1. Description: A security issue exists in ingress-nginx where the protection provided by the auth-url Ingress annotation may not function as expected due to a specific...

CVSS 3.1 | AI score 5.3 | EPSS 0.00015
Exploits: 0 | References: 17

Positive Technologies
added 2026/02/02 12:0 a.m. | 4 views

PT-2026-5761

Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.13.7; ingress-nginx versions 1.14.0 through 1.14.2. Description: The rules.http.paths.path Ingress field in ingress-nginx can be exploited to inject configuration into nginx. This can result in arbitrary code...

CVSS 10 | AI score 6.1 | EPSS 0.01594
Exploits: 37 | References: 109

OSV
added 2026/02/01 1:34 p.m. | 3 views

MINI-P737-R47J-WX49

Bulletin has no description...

CVSS 5.3 | AI score 7.2 | EPSS 0.00009
Exploits: 0

OSV
added 2026/02/01 1:36 a.m. | 2 views

MINI-M93R-PPHG-5WF7

Bulletin has no description...

CVSS 5.3 | AI score 7.2 | EPSS 0.00009
Exploits: 0

Snyk
added 2026/01/30 9:17 p.m. | 1 view

Arbitrary Command Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Command Injection via the jsStringEscape function. An attacker can execute arbitrary code in generated files by injecting / sequences that break out of JavaScript comment blocks. Note: This vulnerability stems from an...

CVSS 9.8 | AI score 6.1 | EPSS 0.0005
Exploits: 1 | References: 3

CVE
added 2026/01/29 1:40 p.m. | 7 views

CVE-2025-7013

The CVE-2025-7013 issue is an Authorization Bypass via a user-controlled key in the QR Menu Pro Smart Menu Systems Menu Panel. Documents confirm the affected component is the Menu Panel (versions up to 29012026). The root cause is improper authorization handling that permits exploitation of trust...

CVSS 9.8 | AI score 5.4 | EPSS 0.00019
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/01/29 12:52 a.m. | 2 views

ECHO-F3F1-7685-1435

Bulletin has no description...

CVSS 5.3 | AI score 5.8 | EPSS 0.0052
Exploits: 1 | References: 1