727240 matches found
CVE-2026-48591
CVE-2026-48591 describes a stored cross-site scripting vulnerability in the open-source earmark Markdown library used with Elixir. The issue arises from how Elixir.Earmark.Transform:_make_att1/2 splices attribute values directly between two literal quotes, causing attribute values to be emitted v...
EEF-CVE-2026-48591 Stored XSS via unescaped HTML attribute values in earmark
Summary Improper Neutralization of Script in Attributes in a Web Page vulnerability in pragdave earmark allows stored cross-site scripting via unescaped HTML attribute values. 'Elixir.Earmark.Transform':\make\att1/2 in lib/earmark/transform.ex splices attribute values verbatim between two literal...
Exploit for Out-of-bounds Read in Tcpdump
ENV-CVE-2020-8036 — tcpdump Vulnerability Reproduction Environ...
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials. Ordinary stuff, until one move near the end. Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim's machine, building ...
Security Bulletin: IBM Security QRadar Log Management AQL Plugin is vulnerable to using components with known vulnerabilities
Summary The product includes vulnerable components e.g., framework libraries that could be identified and exploited with automated tools. IBM Security QRadar Log Management AQL Plugin has addressed the applicable CVEs in an update. Vulnerability Details CVEID:CVE-2026-41907 DESCRIPTION: uuid is f...
CVE-2026-35065
Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...
CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVE-2026-11311
When NGINX Plus is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition serverTokens field and the...
CVE-2026-35069
CVE-2026-35069 affects Dell PowerFlex Manager. The issue is an SQL injection caused by improper neutralization of special elements in SQL commands within the product’s components, allowing a low-privileged, adjacent-network attacker to potentially perform script injection. Impact described includ...
EUVD-2026-37743
Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...
CVE-2026-35069
Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...
CVE-2026-35069
Dell PowerFlex Manager, versions Versions, contains an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Script injection...
Security update for alloy
This update for alloy fixes the following issues Security issues: CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message bsc1259919. CVE-2026-25934: github.com/go-git/go-git/v5:...
CVE-2026-35065
Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...
CVE-2026-35065
Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...
CVE-2026-35065
Technical details about CVE-2026-35065 are not publicly provided in the connected documents. Monitor official Dell PowerFlex advisories and CVE/NVD entries for updated impact, affected versions, and fixes.
EUVD-2026-37733
Dell PowerFlex Manager, versions Versions, contains a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Code execution, Denial of service, Information disclosure, Informatio...
CVE-2026-12528
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
CVE-2026-12528 389-ds-base: 389-ds-base: heap-buffer-overflows in __aclp__normalize_acltxt()
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...
EUVD-2026-37728
A flaw was found in 389 Directory Server in the aclpnormalizeacltxt function of aclparse.c. A malformed ACI Access Control Instruction string can trigger heap-buffer-overflow writes and reads during ACI parsing. The function fails to validate that the ACI keyword has sufficient length after...