CVE-2026-33035

CVE-2026-33035 affects WWBN AVideo

PT-2026-26757

Name of the Vulnerable Software and Affected Versions @dicebear/converter versions prior to 9.4.2 Description The ensureSize function in @dicebear/converter previously used a regex-based method to limit SVG width and height attributes to 2048px to prevent denial of service. This limitation could ...

Scriban has an Infinite Recursion during Object Rendering Leads to Stack Overflow and Process Crash (Denial of Service)

When Scriban renders an object that contains a circular reference, it traverses the object's members infinitely. Because the ObjectRecursionLimit property defaults to unlimited, this behavior exhausts the thread's stack space, triggering an uncatchable StackOverflowException that immediately...

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

@hmcts/media-viewer (>=4.2.16-exui-4425 <=4.2.16-exui-4425-rel1) potentially affected by CVE-2026-33397 via @angular/ssr (=20.3.18)

@angular/ssr NPM version =20.3.18 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @hmcts/media-viewer =4.2.16-exui-4425, =4.2.16-exui-4425-rel1 Source cves: CVE-2026-33397 Source advisory: OSV:GHSA-VFX2-HV2G-XJ5F...

@docgeni/angular (=21.0.1), @jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4) +14 more potentially affected by CVE-2026-33397 via @angular/ssr (>=21.1.2 <=21.2.13)

@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =2.0.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =1.1.5 - ngx-packages =21.3.2 and more Source cves: CVE-2026-33397 Source advisory: OSV:GHSA-VFX2-HV2G-XJ5F...

@docgeni/angular (=21.0.1), @jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4) +14 more potentially affected by CVE-2026-27738 +1 more via @angular/ssr (>=21.1.2 <=21.2.13)

@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =2.0.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =1.1.5 - ngx-packages =21.3.2 and more Source cves: CVE-2026-27738, CVE-2026-33397 Source advisory: SNYK:JS-ANGULARSSR-15701178...

CVE-2026-33346 OpenEMR has stored XSS in portal_payment.php via Unescaped table_args

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...

CVE-2026-32866

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

PT-2026-26310

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...

PT-2026-26375

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting XSS through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...

PT-2026-26374

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

PT-2026-26308

OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20365-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20365-1 advisory. - Firefox Extended Support Release 140.8.0 ESR bsc1258568 - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component -...

mo has a XSS via inline SVG script tags in Markdown rendering

Summary When rendering Markdown files containing inline SVG elements with tags, the embedded JavaScript is executed in the browser. This is due to rehype-raw passing raw HTML including SVG through to the DOM without sanitization. PoC html alert1 Embedding the above in a Markdown file opened with ...

GHSA-VCCX-P757-PV6H mo has a XSS via inline SVG script tags in Markdown rendering

Summary When rendering Markdown files containing inline SVG elements with tags, the embedded JavaScript is executed in the browser. This is due to rehype-raw passing raw HTML including SVG through to the DOM without sanitization. PoC html alert1 Embedding the above in a Markdown file opened with ...

USN-8097-2: roundcube regression

USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...

USN-8097-2 roundcube regression

USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...

Researchers found font-rendering trick to hide malicious commands

Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...