Lucene search

11 matches found

Snyk
added 2026/04/13 12:31 p.m. · 0 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the parseNode and parseEdge functions when topology metadata such as component IDs, stream names, or grouping values are interpolated into HTML without proper sanitization. An attacker can execute arbitrary...

CVSS 5.4 · AI score 5.8 · EPSS 0.0001
Exploits 0 · References 2

NVD
added 2026/04/13 10:16 a.m. · 0 views

CVE-2026-35565

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

CVSS 5.4 · EPSS 0.0001
Exploits 0 · References 2

ATTACKERKB
added 2026/04/13 9:10 a.m. · 1 view

CVE-2026-35565

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

AI score 5.9 · EPSS 0.0001
Exploits 0 · References 2

Vulnrichment
added 2026/04/13 9:10 a.m. · 0 views

CVE-2026-35565 Apache Storm UI: Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Storm UI

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

AI score 5.9 · EPSS 0.0001
Exploits 0 · References 1

Positive Technologies
added 2026/04/13 12:0 a.m. · 1 view

PT-2026-32329

Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI. Versions Affected: before 2.8.6. Description: The Storm UI visualization component interpolates topology metadata including component IDs, stream names, and grouping values directly into HTML via innerHTML in...

AI score 5.9 · EPSS 0.0001
Exploits 0 · References 3

Tenable Nessus
added 2026/01/23 12:0 a.m. · 2 views

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004898)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004898 advisory. In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge. of_parse_phandle returns a node pointer with...

CVSS 5.5 · AI score 6.3 · EPSS 0.00063
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-55378

Malicious code in bioql PyPI...

AI score 7.2 · EPSS 0.00063
Exploits 0 · References 7

CNNVD
added 2025/06/18 12:0 a.m. · 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the qcom_smd driver not releasing node references in parse_edge, which could lead to a reference count leak...

CVSS 5.5 · AI score 6.4 · EPSS 0.00063
Exploits 0 · References 8

RedHat Linux
added 2025/05/13 8:28 a.m. · 1 view

kernel: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge

In the Linux kernel, the following vulnerability has been resolved: rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge. of_parse_phandle returns a node pointer with refcount incremented, we should use of_node_put on it when done...

CVSS 5.5 · AI score 6.8 · EPSS 0.00063
Exploits 0 · References 5

Positive Technologies
added 2022/09/17 12:0 a.m. · 1 view

PT-2022-33828 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.9 through 5.15.60. Description: The issue is related to a refcount leak in the qcom_smd_parse_edge function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

AI score 7.1
Exploits 0 · References 1

Positive Technologies
added 2022/09/17 12:0 a.m. · 1 view

PT-2022-34265 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211. Description: A refcount leak was discovered in the qcom_smd_parse_edge function of the rpmsg: qcom_smd module. The actual impact and attack plausibility of this issue have not yet been proven...

AI score 7.2
Exploits 0 · References 1