OpenStack Ironic 安全漏洞

OpenStack Ironic is an integrated OpenStack application developed under the OpenStack open source framework. It is used to configure bare machines rather than virtual machines. OpenStack Ironic versions 35.x and earlier contain security vulnerabilities, which stem from the instanceinfokstemplate...

WordPress plugin Sky Addons 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Linux Distros Unpatched Vulnerability : CVE-2026-43396

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dmafencechainalloc fails, properly...

PT-2026-39138

Name of the Vulnerable Software and Affected Versions Brave CMS versions prior to commit 6c56603 Description Page and article body content entered through the CKEditor rich-text editor is stored verbatim in the database and rendered using Laravel Blade's unescaped output directive !! !!. This...

netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow tables

Summary An authenticated user who can create or edit ObjectAlias objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered unescaped in DataFlow table views, causing a stored XSS when another user views the affected page. Details The issue is caused by unsafe HT...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

CVE-2026-39823

Summary: CVE-2026-39823 covers an escapebug in HTML meta tag content handling that can trigger XSS when URLs are inserted into a meta tag’s content attribute and whitespace is manipulated. Multiple connected sources confirm the issue and describe the root cause as incorrect escaping of URLs insid...

EUVD-2026-28407

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering process in cron.erb. An attacker can execute arbitrary JavaScript in the context of the user's browser by supplying a crafted URL. Details Cross-site scripting or XSS is a code vulnerability th...

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...

CVE-2026-44264 Weblate is vulnerable to XSS via crafted Markdown

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

CVE-2026-44264

Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has been patched in version 5.17.1...

drm/amdgpu: validate user queue size constraints

...

drm/amdgpu: fix NULL pointer issue buffer funcs

...

RLSA-2026:13537 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...

Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

GHSA-2PMR-289P-44R3 Gotenberg's DNS rebinding bypasses SSRF validation on Chromium URL conversion routes

Summary FilterOutboundURL resolves the hostname, checks the resolved IPs against the private-address deny-list, and returns only the error. It discards the resolved addresses. Chromium later performs its own DNS resolution when it navigates to the URL. An attacker who controls DNS for a hostname...

PT-2026-38442

Name of the Vulnerable Software and Affected Versions ChestnutCMS version 1.5.10 Description A SQL injection issue exists where the content parameter of the 'cms content' tag can be manipulated within the admin backend. This allows the parameter to be injected into a SQL query during template...

CVE-2026-36458

ChestnutCMS v1.5.10 has a SQL injection vulnerability. The content parameter of the cmscontent tag can be manipulated in the admin backend and injected into a SQL query when the template is rendered...