BIT-NODE-MIN-2026-48617

A flaw in Node.js Permission Model enforcement allows Bypass via process.report.writeReport Path Misvalidation. This can lead to confidentiality impact or bypass of the intended security boundary under affected configurations. This vulnerability affects all supported release lines: Node.js 22,...

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

CVE-2026-11994

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

CVE-2026-11994

CVE-2026-11994 concerns Akaunting 3.1.21, reporting an authenticated stored XSS in the report description rendering . A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report, potentially affecting other users interacting with the...

EUVD-2026-38290

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

CVE-2026-11994 Akaunting 3.1.21 - Authenticated stored XSS in report description rendering

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

CVE-2026-11994

Akaunting 3.1.21 contains an authenticated stored Cross-Site Scripting vulnerability in the report management workflow. A user with permission to create or update reports can store arbitrary HTML/JavaScript in the description field of a report...

AJ-Report < 1.4.1 - Remote Code Execution

AJ-Report before version 1.4.1 is affected by an authentication bypass vulnerability. A remote and unauthenticated attacker can append ";swagger-ui" to HTTP requests to bypass authentication and execute arbitrary Java code on the victim server through script engine injection in the validation rul...

Reflected XSS - Telerik Reporting Module

Cross-site scripting vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 11.0.17.406 allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. id:...

EUVD-2026-38198

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVE-2026-12812

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVE-2026-12812 Radware Cyber Controller HTML Report Generation HTML injection

A security vulnerability has been detected in Radware Cyber Controller up to 10.11.0. This affects an unknown part of the component HTML Report Generation. The manipulation leads to HTML injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be...

CVE-2026-12812

Radware Cyber Controller (up to 10.11.0) is affected in the HTML Report Generation component, with HTML injection due to the underlying issue. The vulnerability allows remote exploitation, and the exploit has been publicly disclosed. No remediation details are provided in the documents. Affected ...

Wipro Holmes Orchestrator 20.4.1 - Information Disclosure

Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...

CVE-2011-5148

creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:37+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/eed2420a-1246-47cb-9069-e60d865b0c71 2026-06-23 14:04:09+00:00| exploited|...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: virtio/vsock: Fixed an uninit-value issue in virtiotransportrecvpkt KMSAN reported the following uninit-value access issues: ===================================================== BUG: KMSAN: uninit-value in...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer. Since the report buffer is used by various drivers in various ways, let’s initialize it to zero during allocation, so that it cannot ever be used to leak kernel memory through special...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: gtp: Fixed a use-after-free in gtpencapdestroy. syzkaller reported a use-after-free in gtpencapdestroy. The same process freed “sk” and accessed it illegally. The commit e198987e7dd7 “gtp: fix suspicious RCU usage” added...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: net: Handling of integer overflows in kmallocreserve The committed change was as follows: c ptr = kmallocsize; if ptr size = ksizeptr; size = kmallocsizeroundupsize; ptr = kmallocsize; This caused various crashes, as reported ...

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

In the Linux kernel, the following vulnerabilities have been resolved: drm/amd/display: Fixed a potential index out of bounds issue in the color transformation function. The issue could occur when the index ‘i’ exceeds the number of transfer function points TRANSFERFUNCPOINTS. The fix includes a...