105203 matches found
CVE-2026-48215
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48215
Open ISES Tickets before 3.44.2 is affected by a reflected cross-site scripting (XSS) in circle.php via the frm_id POST parameter. An authenticated attacker can inject arbitrary JavaScript by passing an unsanitized value into a form input value attribute, which executes in the victim’s browser wh...
CVE-2026-48215 Open ISES Tickets < 3.44.2 Reflected XSS via circle.php frm_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in circle.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the frmid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48214 Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48214 Open ISES Tickets < 3.44.2 Reflected XSS via add_nm.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in addnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute and an inlin...
CVE-2026-48214
Summary: CVE-2026-48214 affects Open ISES Tickets up to version 3.44.1. It is a reflected cross-site scripting vulnerability in add_nm.php where an unsanitized ticket_id POST parameter is echoed into an HTML form input value attribute and an inline JavaScript string literal, enabling authenticate...
RLSA-2026:3752 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes: crypto/x50...
CVE-2026-48213
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
EUVD-2026-31293
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
CVE-2026-48213 Open ISES Tickets < 3.44.2 Reflected XSS via add.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in add.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid POST parameter directly into an HTML form input value attribute. Attackers can...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in ONNX [CVE-2026-28500]
Summary IBM Watson Speech Services Cartridge is vulnerable to a security control bypass in onnx.hub.load due to improper logic in the repository trust verification mechanismCVE-2026-28500. ONNX is used in our speech runtimes. This vulnerabilitiy has been addressed. Please read the details for...
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841 Reflected XSS in Request Tracker
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
EUVD-2026-31269
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841 Reflected XSS in Request Tracker
Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....
CVE-2026-6841
The CVE-2026-6841 entry describes a reflected cross-site scripting (XSS) vulnerability in Request Tracker (RT) that is triggered via the Page parameter in GET requests, allowing arbitrary JavaScript execution in the victim’s browser. Affected RT versions are 5.0.4–5.0.9 and 6.0.0–6.0.2. The vulne...
CVE-2026-5118
CVE-2026-5118 affects Divi Form Builder for WordPress (
EUVD-2026-31270
The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured...