105159 matches found
CVE-2026-48215
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
EUVD-2026-31295
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48214
Summary: CVE-2026-48214 affects Open ISES Tickets up to version 3.44.1. It is a reflected cross-site scripting vulnerability in add_nm.php where an unsanitized ticket_id POST parameter is echoed into an HTML form input value attribute and an inline JavaScript string literal, enabling authenticate...
CVE-2026-48214 Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48214 Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
RLSA-2026:3752 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...
CVE-2026-48213
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
EUVD-2026-31293
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841 Reflected XSS in Request Tracker
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
EUVD-2026-31269
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841
The CVE-2026-6841 entry describes a reflected cross-site scripting (XSS) vulnerability in Request Tracker (RT) that is triggered via the Page parameter in GET requests, allowing arbitrary JavaScript execution in the victim’s browser. Affected RT versions are 5.0.4–5.0.9 and 6.0.0–6.0.2. The vulne...
CVE-2026-6841 Reflected XSS in Request Tracker
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
EUVD-2026-31270
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...
CVE-2026-5118
CVE-2026-5118 affects Divi Form Builder for WordPress (
CVE-2026-45253
ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. The missing validation allows ...