3329 matches found
DomainMOD 4.13.0 - Cross-Site Scripting
DomainMOD 4.13.0 is vulnerable to cross-site scripting via reporting/domains/cost-by-owner.php in the "or Expiring Between" parameter. id: CVE-2020-20988 info: name: DomainMOD 4.13.0 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.13.0 is vulnerable to...
EUVD-2026-43089
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15086
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
CVE-2026-15086
Technical details about CVE-2026-15086 are not publicly available in the provided documents. Monitor for updates from official advisories and vulnerability feeds.
CVE-2026-15086 Raw Formatter [Meta Tag Formatter] - Critical - Unsupported - SA-CONTRIB-2026-077
vulnerability in Drupal Raw Formatter Meta Tag Formatter allows . This issue affects Raw Formatter Meta Tag Formatter versions:...
EUVD-2026-42818
Out-of-bounds write in parsing DNG format in libimagecodec.media.quram.so prior to SMR Jul-2026 Release 1 allows remote attackers to write out-of-bounds memory...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
EUVD-2026-42781
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54423
OpenStack Ironic (before 37.0.1) is vulnerable: a user capable of deploying nodes via IPMI can abuse the IPMI send_raw step to send arbitrary IPMI commands to a node, bypassing Ironic’s access control. Impact is high (CVE-2026-54423). The root cause is the exposure of IPMI send_raw in deployment ...
CVE-2026-54423
In OpenStack Ironic before 37.0.1, an Ironic user with the ability to deploy nodes using the IPMI management interface can maliciously use the sendraw step to send arbitrary IPMI commands to a node, bypassing Ironic's access control...
CVE-2026-54771
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...
Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS : LibRaw vulnerabilities (USN-8522-1)
The remote Ubuntu 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8522-1 advisory. It was discovered that LibRaw incorrectly handled certain Nikon RAW image files. An attacker could possibly use this issue to cau...
CVE-2026-54771
Langroid prior to 0.65.3 is affected. A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Root cause: the tool dispatch path in agent_response → handle_message → get...
CVE-2026-54771 Langroid: handle_message() executes user-supplied tool JSON without sender verification
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.65.3, a Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Version...
CVE-2026-54423
A malicious user with access to deploy a node directly via Ironic can specify the IPMI sendraw deployment step with a malicious payload and send commands to that nodes' BMC. IPMI sendraw capability is exposed multiple ways, including via VendorPassthru interfaces restricted to system admin and...
CVE-2026-49147
App::Ack versions through 3.10.0 for Perl print unsanitised terminal escape sequences from filenames in several output modes. When ack prints a filename whose basename contains terminal control bytes such as ANSI escape sequences, those bytes reach the terminal unchanged. Version 3.10.0 added a...
CVE-2026-53641
FOSSBilling is a free, open-source billing and client management system. Versions 0.6.0 through 0.7.2 have a stored cross-site scripting XSS vulnerability in the client-facing email history views of FOSSBilling. Email HTML content contenthtml is rendered into a JavaScript template literal using t...
GHSA-GJGQ-W2M6-WR5Q Langroid: handle_message() executes user-supplied tool JSON without sender verification
Summary A Langroid application exposing a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads, even when tools are registered with use=False, handle=True. Details enablemessage..., use=False, handle=True only prevents the LLM from being instructed to generate...
PT-2026-56064
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.3 Description An application using this framework that exposes a chat interface to untrusted users may allow direct tool invocation via raw JSON payloads. This occurs even when tools are registered with use=Fals...
EUVD-2026-41694
A flaw has been found in connorskees grass up to 0.13.4. The affected element is the function grasscompiler::rawtoparseerror of the component UTF-8 Character Handler. Executing a manipulation can lead to denial of service. The attack is restricted to local execution. The exploit has been publishe...