45 matches found
CVE-2026-6019
http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...
ALSA-2026:3443 Important: valkey security update
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...
Vulnerabilities fixed in IBM QRadar SIEM
IBM has fixed vulnerabilities in IBM QRadar SIEM Specific to Version 7.5.0 Update Pack 13 Independent Fix 02. The vulnerabilities include a stored cross-site scripting XSS vulnerability that allows authenticated users to inject JavaScript into the Web interface. This can lead to compromise of use...
PT-2025-41727
Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A security issue exists in Tomofun Furbo 360 and Furbo Mini related to insecure storage of sensitive information. The issue is...
EUVD-2013-0750
Malware in sbrugna...
EUVD-2018-0833
Malware in sbrugna...
EUVD-2016-2050
Malware in sbrugna...
EUVD-2007-0789
Malware in sbrugna...
EUVD-2017-17792
Malware in sbrugna...
EUVD-2016-5951
Malware in sbrugna...
EUVD-2005-1064
Malware in sbrugna...
EUVD-2022-2301
Malicious code in bioql PyPI...
CVE-2025-58853
Cross-Site Request Forgery CSRF vulnerability in OTWthemes Popping Sidebars and Widgets Light popping-sidebars-and-widgets-light allows Reflected XSS.This issue affects Popping Sidebars and Widgets Light: from n/a through = 1.27...
Linux Distros Unpatched Vulnerability : CVE-2022-22763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When a worker is shutdown, it was possible to cause script to run late in the lifecycle, at a point after where it should not be possible. This vulnerability...
CVE-2020-26567
An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes...
CVE-2017-15733
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery CSRF in admin/ajax.attachment.php and admin/att.main.php...
WEM External task not working when "run script " selected
External task configured using below option for "run script" In the WEM logs we could see below error 12:14:13 PM Warning - VuemExternalTaskExecutor.ExecuteExternalTask : External Task - Create User Cache Folder Id:3 - Unable to validate target file existence... 12:14:13 PM Exception -...
Linux Distros Unpatched Vulnerability : CVE-2012-1823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sapi/cgi/cgimain.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script aka php- cgi, does not properly handle query strings that lack a...
Linux Distros Unpatched Vulnerability : CVE-2013-4885
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload arbitrarily named files...
Linux Distros Unpatched Vulnerability : CVE-2007-2348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands vi...