CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

GHSA-VRX2-77F2-WW34 justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

GHSA-4P64-V8F5-R2GX Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

Multiple security fixes in justhtml

Summary justhtml 1.16.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected one of these advanced paths rather than ordinary parsed HTML with the default safe settings: - programmatic DOM input to sanitize or sanitizedom -...

CVE-2026-5599

CVE-2026-5599 affects the venueless platform: a user with API access and the "manage users" permission can trigger deletion of user accounts in other worlds. This cross-world impact can compromise account availability and integrity. The CVSS 4.0 base score is 7.3 (HIGH); attack vector is NETWORK ...

curl: Security Vulnerability Report: Protocol Injection via Programmatic Options

Summary Multiple text-based protocol handlers in libcurl including FTP, SMTP, POP3, and IMAP are vulnerable to protocol command injection. This occurs when an application sets credentials or other protocol-specific options programmatically e.g., via CURLOPTUSERNAME, CURLOPTPASSWORD, or...

EVMbench: Evaluating AI Agents on Smart Contract Security

Smart contracts on public blockchains now manage large amounts of value, and vulnerabilities in these systems can lead to substantial losses. As AI agents become more capable at reading, writing, and running code, it is natural to ask how well they can already navigate this landscape, both in way...

CVE-2023-45189

A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically...

Malicious code in blushing-peach-dove (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8e56e3dc8b712a4794ae9cd6b4e814f84fdd085f1b138111850c2d2bb283a2e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-36374

Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote...

[SECURITY] Fedora 41 Update: rust-protobuf-codegen-3.7.2-1.fc41

Code generator for rust-protobuf. Includes a library to invoke programmatically e. g. from build.rs and protoc-gen-rs binary...

EUVD-2014-3309

Malware in sbrugna...

EUVD-2005-3443

Malware in sbrugna...

EUVD-2006-3972

Malware in sbrugna...

EUVD-2020-0362

Malware in sbrugna...

EUVD-2024-3280

Malicious code in bioql PyPI...

How Is API Abuse Different from Web Application Attacks by Bots?

API abuse and web application bot attacks are often confused. This is understandable, as both involve automated interactions and are usually executed by bots. Both attack vectors are prevalent; criminals are always eager to disrupt the foundations on which businesses base their operations to...

DEBIAN-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...

UBUNTU-CVE-2024-50341

symfony/security-bundle is a module for the Symphony PHP framework which provides a tight integration of the Security component into the Symfony full-stack framework. The custom userchecker defined on a firewall is not called when Login Programmaticaly with the Security::login method, leading to...