105339 matches found
CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
EUVD-2026-28807
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030
Technical details about CVE-2026-42030 are not publicly provided in the supplied documents. Monitor for updates from MapServer advisories and the CVE entry.
CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030 MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-42030
MapServer is a system for developing web-based GIS applications. From version 6.0 to before version 8.6.2, a reflected XSS vulnerability in MapServer's WMS server allows an unauthenticated attacker to inject arbitrary HTML/JavaScript into the browser of any user who opens a crafted WMS URL. The...
CVE-2026-41693
CVE-2026-41693 affects i18next-fs-backend
EUVD-2026-28694
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walkcontrol on inactive context in damoswalk damoswalk sets ctx-walkcontrol to the caller-provided control structure before checking whether the context is running. If the context is inactive damonisrunning...
EUVD-2026-28644
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
EUVD-2026-28561
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2026-42353 Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters
i18next-http-middleware is a middleware to be used with Node.js web frameworks like express or Fastify and also for Deno. Prior to version 3.9.3, i18next-http-middleware passes the user-controlled lng and ns values from getResourcesHandler directly into...
CVE-2026-42353
CVE-2026-42353 affects i18next-http-middleware prior to 3.9.3. User-controlled lng and ns values flow from getResourcesHandler directly into i18next.services.backendConnector.load, and depending on the configured backend this can enable path traversal or SSRF. Public advisories (GHSA-jfgf-83c5-2c...
CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
CVE-2026-37431
Beauty Parlour Management System v1.1 was discovered to contain a SQL injection vulnerability via the aptnumber parameter in the /appointment-detail.php endpoint. This vulnerability allows attackers to access sensitive database information via a crafted SQL statement...
CVE-2026-43401
The CVE-2026-43401 issue affects the Linux kernel's intel_pstate component. A NULL pointer dereference can occur in update_cpu_qos_request() when the code dereferences cpudata before validating the policy, especially on systems booted with nosmt where all_cpu_data[cpu] may be NULL for SMT sibling...
UBUNTU-CVE-2026-43288
In the Linux kernel, the following vulnerability has been resolved: ext4: move ext4percpuparaminit before ext4mbinit When running kvm-xfstests -c ext4/1k -C 1 generic/383 with the DOUBLECHECK macro defined, the following panic is triggered:...
CVE-2026-43291
In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b "net: nfc: nci: Add parameter validation for packet data" communication with nci nfc chips is not working any more. The mentioned commit tries to f...
CVE-2022-50994
DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that allows unauthenticated remote attackers to execute arbitrary commands by injecting shell metacharacters into the formpassword parameter. Attackers can exploit...
CVE-2026-44127 Local File Inclusion (LFI) and Arbitrary File Deletion
SEPPmail Secure Email Gateway before version 15.0.4 contains an unauthenticated path traversal vulnerability in the identifier parameter of /api.app/attachment/preview that allows remote attackers to read arbitrary local files and trigger deletion of files in the targeted directory with the...