CVE-2026-4646

Mattermost has an input-validation flaw in the API request handlers used by the PR details endpoint. Affected versions are 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, and 10.11.x

EUVD-2021-34783

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execut...

PT-2026-39497

AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon title' field. Attackers can store XSS payloads like image tags with onerror event handlers that execut...

CVE-2026-24047 @backstage/cli-common has a possible `resolveSafeChildPath` Symlink Chain Bypass

Backstage is an open framework for building developer portals, and @backstage/cli-common provides config loading functionality used by the backend and command line interface of Backstage. Prior to version 0.1.17, the resolveSafeChildPath utility function in @backstage/backend-plugin-api, which is...

CVE-2025-64114 ClipBucket v5: SQL Injection possible through ClipBucket Custom Fields plugin

ClipBucket v5 is an open source video sharing platform. Versions 5.5.2 - 151 and below allow authenticated administrators with plugin management privileges to execute arbitrary SQL commands against the database through its ClipBucket Custom Fields plugin. The vulnerabilities require the Custom...

PT-2025-37257

Name of the Vulnerable Software and Affected Versions: AIRI versions 0.7.2-beta.2 Description: AIRI is a self-hosted, artificial intelligence based Grok Companion. The application processes Markdown content using the useMarkdown composable and renders it directly into the DOM using v-html. An...

CVE-2024-58104

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

WordPress plugin Interface security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.18.6), io.dataease:dataease-plugin-interface (>=1.0 <=1.18.6) +1 more potentially affected by CVE-2023-32310 via io.dataease:dataease-plugin-common (>=1.0 <=1.18.6)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.18.6 Source cves: CVE-2023-32310 Source advisory: OSV:GHSA-7HV6-GV38-78WJ...

SUSE CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34114 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34114 Source advisory: OSV:GHSA-HMVW-66JM-H9FH...

io.dataease:dataease-plugin-datasource (>=1.10.0 <=1.11.1), io.dataease:dataease-plugin-interface (>=1.0 <=1.11.1) +1 more potentially affected by CVE-2022-34113 via io.dataease:dataease-plugin-common (>=1.0 <=1.11.1)

io.dataease:dataease-plugin-common MAVEN version =1.0, =1.10.0, =1.0, =1.10.0, =1.11.1 Source cves: CVE-2022-34113 Source advisory: OSV:GHSA-5469-C5P2-XV5G...

[SECURITY] Fedora 34 Update: golang-github-googleapis-gnostic-0.5.3-5.fc34

This package contains a Go command line tool which converts JSON and YAML OpenAPI descriptions to and from equivalent Protocol Buffer representations. Protocol Buffers provide a language-neutral, platform-neutral, extensible mechanism for serializing structured data. gnostic's Protocol Buffer...

Mozilla: Cross-origin POST requests can be made with NPAPI plugins by following 308 redirects

POST requests made by NPAPI plugins, such as Flash, that receive a status 308 redirect response can bypass CORS requirements. This can allow an attacker to perform Cross-Site Request Forgery CSRF attacks. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

Google Chrome PPAPI Security Bypass Vulnerability

Google Chrome is a web browser developed by the American company Google Google. A security bypass vulnerability exists in the PPAPI implementation in Google Chrome versions prior to 52.0.2743.82, which stems from the program not having a source for IPC messages. A remote attacker can exploit the...

Mozilla: Memory corruption with malicious NPAPI plugin (MFSA 2016-31)

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

UBUNTU-CVE-2016-1966

The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service invalid pointer dereference and memory corruption via a crafted NPAPI plug...

N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability

No description provided by source. N/X - Web CMS N/X WCMS 4.5 Multiple Vulnerability =================================================== 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'...

Fedora Update for libkipi FEDORA-2013-13499

Check for the Version of libkipi OpenVAS Vulnerability Test Fedora Update for libkipi FEDORA-2013-13499 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

[SECURITY] Fedora 17 Update: libkipi-4.10.5-1.fc17

Kipi KDE Image Plugin Interface is an effort to develop a common plugin structure for Digikam, Gwenview, etc.. Its aim is to share image plugins among graphic applications...