9318 matches found
CVE-2026-47734
Dulwich prior to 1.2.5 is vulnerable to an unbounded memory allocation in receive-pack when processing a crafted thin pack. A tiny push (~174 bytes) can declare a huge dest_size in the delta header, causing add_thin_pack / apply_delta to allocate hundreds of MB regardless of actual data. Impacted...
PT-2026-48476
Affected: @hulumi/policies 1.4.0 — Fixed in: 1.4.0 — Severity: High — CWE-284 Improper Access Control Summary HULUMI-H1 forbids raw aws:s3:Bucket outside of Hulumi's SecureBucket component, with one exemption: a raw bucket that's a child of a SecureBucket is allowed because the component is...
EUVD-2026-35715
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
EUVD-2026-35623
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
EUVD-2026-35637
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-34691
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when th...
CVE-2026-48258
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-47987
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
CVE-2026-34694 Adobe Experience Manager Forms JEE | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-47977 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
Description of the security update for SharePoint Server 2016 Language Pack: June 9, 2026 (KB5002881)
Description of the security update for SharePoint Server 2016 Language Pack: June 9, 2026 KB5002881 Summary Important: If you're running Microsoft SharePoint Server 2013-type workflows, you must install the August 2025 update for SharePoint Workflow Manager to your farm before you install this...
PT-2026-47731
A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 Build 63255 allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and sessio...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among oth...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager is a content management solution developed by Adobe Inc. in the United States. It can be used to build websites, mobile applications, and forms. This solution supports mobile content management, marketing and sales activity management, and multi-site management, among...
PT-2026-48082
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
PT-2026-48097
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
PT-2026-48086
Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...
Memory Allocation with Excessive Size Value
Overview Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value through the ReceivePackHandler via addthinpack/applydelta flows when handling crafted thin packs with attacker-controlled delta headers. An attacker can cause excessive memory allocation by...
Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...
GHSA-XRVJ-V92F-53GJ Dulwich has unbounded memory allocation in receive-pack from crafted thin packs
Impact An uncontrolled-resource-consumption memory exhaustion denial-of-service vulnerability CWE-400 / CWE-789. A client with push access could push a tiny crafted thin pack 174 bytes whose delta header declares a huge destsize. When dulwich ingested it via addthinpack / applydelta, it would...