
222079 matches found

ATTACKERKB
added 2026/04/29 7:25 p.m. | 2 views

CVE-2018-25311

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows attackers with valid credentials to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl,...

CVSS 7.1 | AI score 5.9 | EPSS 0.0043
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2026/04/29 10:8 a.m. | 1 view

CVE-2026-35379

A flaw was found in the tr utility of uutils coreutils. A logic error causes the program to incorrectly define the :graph: and :print: character classes, reversing their standard behavior. This vulnerability can lead to unintended data modification or loss when the utility is used in automated...

CVSS 3.3 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 2
AlpineLinux
added 2026/04/29 12:0 a.m. | 0 views

CVE-2025-56536

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1 | AI score 5.4 | EPSS 0.00032
Exploits: 3 | References: 2
Vulnrichment
added 2026/04/29 12:0 a.m. | 2 views

CVE-2025-56535

A cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the zone attribute parameter...

AI score 5.3 | EPSS 0.00032
Exploits: 2 | References: 2
CVE
added 2026/04/29 12:0 a.m. | 2 views

CVE-2025-56534

OpenNebula v6.10.0.1 has a cross-site scripting (XSS) vulnerability in the custom authenticator driver. A crafted payload can cause arbitrary web scripts/HTML to execute in the web interface context. The CVE-2025-56534 records (NVD, CVE List, etc.) document this flaw with a CVSS v3.1 base score o...

CVSS 6.1 | AI score 5.3 | EPSS 0.00032
Exploits: 2 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 2 views

PT-2026-35943

A stored cross-site scripting (XSS) vulnerability in opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the user information parameter...

CVSS 6.1 | AI score 5.2 | EPSS 0.00032
Exploits: 3 | References: 3
AlpineLinux
added 2026/04/29 12:0 a.m. | 4 views

CVE-2025-56534

A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 6.1 | AI score 5.4 | EPSS 0.00032
Exploits: 2 | References: 2
Positive Technologies
added 2026/04/29 12:0 a.m. | 6 views

PT-2026-37133

Name of the Vulnerable Software and Affected Versions: CI4MS versions 0.26.0.0 through 0.31.6.0. Description: A theme upload feature allows any authenticated backend user with theme-upload permission to achieve remote code execution (RCE) by uploading a crafted ZIP file. PHP files within the ZIP are...

CVSS 8.6 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 5
CNNVD
added 2026/04/29 12:0 a.m. | 5 views

OpenNebula Cross-Site Scripting Vulnerability

OpenNebula is an open-source cloud computing platform developed by OpenNebula, used for managing heterogeneous distributed data center infrastructure. Version 6.10.0.1 of OpenNebula contains a cross-site scripting vulnerability. This vulnerability arises from injecting a specially crafted payload...

CVSS 6.1 | AI score 5.9 | EPSS 0.00032
Exploits: 2 | References: 1
Positive Technologies
added 2026/04/29 12:0 a.m. | 2 views

PT-2026-35994

VideoFlow Digital Video Protection DVP 2.10 contains an authenticated directory traversal vulnerability that allows authenticated attackers to disclose arbitrary files by injecting path traversal sequences in the ID parameter. Attackers can submit requests to downloadsys.pl, download xml.pl,...

CVSS 7.1 | AI score 5.2 | EPSS 0.0043
Exploits: 0 | References: 4
Cvelist
added 2026/04/28 6:9 p.m. | 24 views

CVE-2026-41390 OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

CVSS 7.3 | EPSS 0.00026
Exploits: 0 | References: 2
OSV
added 2026/04/28 8:16 a.m. | 0 views

DEBIAN-CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

CVSS 6.5 | AI score 5.3 | EPSS 0.00016
Exploits: 0 | References: 1
NVD
added 2026/04/28 8:16 a.m. | 1 view

CVE-2026-41525

KDE Dolphin before 25.12.3 allows applications in a Flatpak or with AppArmor confinement to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or...

CVSS 6.5 | EPSS 0.00016
Exploits: 0 | References: 4
Fedora
added 2026/04/28 1:35 a.m. | 3 views

[SECURITY] Fedora 44 Update: gum-0.17.0-3.fc44

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.1 | AI score 5.2 | EPSS 0.0005
Exploits: 0
Fedora
added 2026/04/28 1:14 a.m. | 2 views

[SECURITY] Fedora 42 Update: gum-0.16.1-2.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.5 | AI score 6.5 | EPSS 0.00044
Exploits: 1
CVE
added 2026/04/28 12:0 a.m. | 6 views

CVE-2026-41525

KDE Dolphin prior to 25.12.3 is affected. The issue arises when running inside a Flatpak or with AppArmor confinement, where Dolphin’s FileManager1 protocol can accept a path to any file type (including scripts or executables) and open it outside the application sandbox without proper scrutiny. B...

CVSS 6.5 | AI score 5.2 | EPSS 0.00016
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/27 12:0 a.m. | 3 views

Juniper Junos OS Vulnerability (JSA100057)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100057 advisory. - An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to...

CVSS 8.5 | AI score 5.6 | EPSS 0.0005
Exploits: 0 | References: 3
EUVD
added 2026/04/24 5:29 a.m. | 1 view

EUVD-2026-25399

The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file extension before sanitization occurs and allowing the file type parameter to be controlled by the...

CVSS 8.1 | AI score 6.1 | EPSS 0.0016
Exploits: 1 | References: 10
EUVD
added 2026/04/24 12:31 a.m. | 4 views

EUVD-2026-25344

OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scripts before execution without invalidating the approval plan, allowing execution of modified script...

CVSS 6.7 | AI score 6 | EPSS 0.00013
Exploits: 0 | References: 4
NVD
added 2026/04/24 12:16 a.m. | 1 view

CVE-2026-35503

A vulnerability in SenseLive X3050’s web management interface allows authentication logic to be performed entirely on the client side, relying on hardcoded values within browser-executed scripts rather than server-side verification. An attacker with access to the login page could retrieve these...

CVSS 9.8 | EPSS 0.00099
Exploits: 0 | References: 3