Lucene search

2242 matches found

Github Security Blog
added 2026/01/08 8:00 p.m. | 8 views

NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

Summary: XSS risk exists in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL without page reload. However, if the URL argument is embedded into...

CVSS 6.1 | AI score 6.6 | EPSS 0.00243
Exploits 1 | References 4 | Affected Software 1
NVD
added 2026/01/08 10:15 a.m. | 10 views

CVE-2026-21871

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

CVSS 6.1 | EPSS 0.00243
Exploits 1 | References 2
EUVD
added 2026/01/08 9:49 a.m. | 5 views

EUVD-2026-1478

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is an XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

CVSS 6.1 | AI score 6.1 | EPSS 0.00243
Exploits 1 | References 4
CNNVD
added 2026/01/08 12:00 a.m. | 3 views

NiceGUI Cross-Site Scripting Vulnerability

NiceGUI is an open-source, easy-to-use, Python-based UI framework. A cross-site scripting vulnerability exists in NiceGUI versions 2.13.0 through 3.4.1, which stems from a cross-site scripting risk in the ui.navigate.history.push or replace function...

CVSS 6.1 | AI score 5.9 | EPSS 0.00243
Exploits 1 | References 3
RedhatCVE
added 2026/01/07 9:31 a.m. | 3 views

CVE-2019-16236

Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala...

CVSS 7.5 | AI score 6.7 | EPSS 0.02385
Exploits 1 | References 1
Patchstack
added 2025/12/31 12:00 a.m. | 5 views

WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions <= 2.07...

CVSS 6.1 | AI score 5.5 | EPSS 0.00342
Exploits 0 | References 1 | Affected Software 1
Patchstack
added 2025/12/31 12:00 a.m. | 3 views

WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability

WordPress Feedify - Web Push Notifications plugin < 2.4.6 - Reflected XSS vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Feedify – Web Push Notifications versions < 2.4.6...

CVSS 7.1 | AI score 5.3 | EPSS 0.00224
Exploits 1 | References 1 | Affected Software 1
OSV
added 2025/12/30 1:16 p.m. | 5 views

UBUNTU-CVE-2023-54238

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push. During ptp resync operation SKBs were popped from the fifo but were never freed, neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another...

AI score 5.7 | EPSS 0.00166
Exploits 0 | References 6
Debian CVE
added 2025/12/30 12:11 p.m. | 2 views

CVE-2023-54238

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push. During ptp resync operation SKBs were popped from the fifo but were never freed, neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another...

AI score 5.2 | EPSS 0.00166
Exploits 0
Cvelist
added 2025/12/30 12:11 p.m. | 20 views

CVE-2023-54238 mlx5: fix skb leak while fifo resync and push

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push. During ptp resync operation SKBs were popped from the fifo but were never freed, neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another...

EPSS 0.00166
Exploits 0 | References 3
CVE
added 2025/12/30 12:11 p.m. | 8 views

CVE-2023-54238

CVE-2023-54238 affects the Linux kernel in the mlx5 area. Two issues are described: (1) an SKB leak during ptp resync where SKBs were popped from the fifo but not freed (addressed by adding napi_consume_skb to properly free SKBs); and (2) an overrun in mlx5e_skb_fifo_has_room() where a counter com...

AI score 6.2 | EPSS 0.00166
Exploits 0 | References 3
OSV
added 2025/12/30 12:11 p.m. | 3 views

CVE-2023-54238 mlx5: fix skb leak while fifo resync and push

In the Linux kernel, the following vulnerability has been resolved: mlx5: fix skb leak while fifo resync and push. During ptp resync operation SKBs were popped from the fifo but were never freed, neither by napi_consume nor by dev_kfree_skb_any. Add call to napi_consume_skb to properly free SKBs. Another...

AI score 6.4 | EPSS 0.00166
Exploits 0 | References 6
CVE
added 2025/12/30 7:32 a.m. | 6 views

CVE-2025-15232

The CVE affects Tenda M3 firmware 1.0.0.13(4903). The bug is in the formSetAdPushInfo function of /goform/setAdPushInfo, where manipulating the mac/terminal argument causes a stack-based buffer overflow. This enables remote exploitation, and an exploit is publicly available. Public sources (PT-20...

CVSS 9 | AI score 8.8 | EPSS 0.00632
Exploits 1 | References 5 | Affected Software 1
Positive Technologies
added 2025/12/30 12:00 a.m. | 5 views

PT-2025-54067

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to memory management within the mlx5 driver. Specifically, a memory leak occurs during Precision Time Protocol (PTP) resynchronization operations,...

CVSS 7.8 | AI score 7.6 | EPSS 0.00465
Exploits 2 | References 843
Hacker One
added 2025/12/27 7:17 p.m. | 10 views

curl: Heap Buffer Over-read in lib/http2.c (on_header) handling PUSH_PROMISE frames

Summary: I have discovered a Heap Buffer Over-read vulnerability in lib/http2.c within the on_header callback function. When processing HTTP/2 PUSH_PROMISE frames, the code incorrectly uses the %s format specifier on raw pointers provided by nghttp2. According to nghttp2 documentation, the name and...

AI score 6.8
Exploits 0
OSV
added 2025/12/18 11:57 a.m. | 4 views

SUSE-SU-2025:4458-1 Security update 5.0.6 for Multi-Linux Manager Client Tools

This update fixes the following issues: dracut-saltboot: update to version 1.0.0; reboot on salt key timeout (bsc1237495); fixed parsing files with space in the name (bsc1252100). grafana was updated from version 11.5.5 to 11.5.10. Security issues fixed: CVE-2025-47911: Fix parsing HTML documents...

CVSS 7.6 | AI score 7.2 | EPSS 0.37565
Exploits 0 | References 33
EUVD
added 2025/12/16 3:27 p.m. | 3 views

EUVD-2025-203767

In JetBrains TeamCity before 2025.11 stored XSS was possible on agentpushInstall page...

CVSS 3.5 | AI score 5.7 | EPSS 0.00155
Exploits 0 | References 1
CNNVD
added 2025/12/16 12:00 a.m. | 3 views

JetBrains TeamCity Cross-Site Scripting Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides features such as continuous unit testing, code quality analysis and build issue analysis reports. A cross-site scripting vulnerability exists in JetBrai...

CVSS 4.8 | AI score 6 | EPSS 0.00155
Exploits 0 | References 1
Tenable Nessus
added 2025/12/16 12:00 a.m. | 5 views

SUSE SLES16 Security Update : keylime (SUSE-SU-2025:21194-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:21194-1 advisory. Update to version 7.13.0+40. Security issues fixed: - CVE-2025-13609: possible agent identity takeover due to registrar allowing t...

CVSS 8.2 | AI score 6.1 | EPSS 0.00365
Exploits 0 | References 7
CNNVD
added 2025/12/15 12:00 a.m. | 2 views

WordPress plugin OneSignal – Web Push Notifications Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plug-in. A security...

CVSS 5.3 | AI score 6.3 | EPSS 0.003
Exploits 0 | References 3