CVE-2026-25046

The CVE concerns the Kimi Agent SDK, specifically the development scripts vsix-publish.js and ovsx-publish.js, which pass filenames to shell via execSync(). Prior to v0.1.6, filenames containing shell metacharacters (e.g., $(cmd)) could cause arbitrary command execution. It affects development sc...

CVE-2026-24838

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, module title supports richtext which could include scripts that would execute in certain scenarios. Versions 9.13.10 and 10.2.0 contain a fix for the iss...

CVE-2026-24833

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

[SECURITY] Fedora 43 Update: perl-HarfBuzz-Shaper-0.033-2.fc43

HarfBuzz::Shaper is a perl module that provides access to a small subset of the native HarfBuzz library. The subset is suitable for typesetting programs that need to deal with complex languages like Devanagari. This module is intended to be used with module L...

PT-2026-5361

Name of the Vulnerable Software and Affected Versions Kimi Agent SDK versions prior to 0.1.6 Description The Kimi Agent SDK libraries expose the Kimi Code agent runtime in applications. The vsix-publish.js and ovsx-publish.js scripts pass filenames to the execSync function as shell command string...

EUVD-2025-206519

An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls...

EUVD-2020-30901

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparentid parameters to execute arbitrary JavaScript in administrative contexts...

BurpSuitePro

Burp Suite Bambda Scripts - Vulnerability Testing Toolkit v2.0...

CVE-2026-24837

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....

CVE-2026-24836

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, extensions could write richtext in log notes which can include scripts that would run in the PersonaBar when displayed...

CVE-2026-24784

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a content editor could inject scripts in module headers/footers that would run for other users. Versions 9.13.10 and 10.2.0...

PT-2026-5119

LimeSurvey 4.3.10 contains a stored cross-site scripting vulnerability in the Survey Menu functionality of the administration panel. Attackers can inject malicious SVG scripts through the Surveymenutitle and Surveymenuparent id parameters to execute arbitrary JavaScript in administrative contexts...

Podcast Generator security vulnerabilities

Podcast Generator is an open-source set of free podcast publishing scripts written in PHP language. Version 3.2.9 of Podcast Generator has a security vulnerability, which stems from a storage-type XSS vulnerability in the function for creating new live projects. This vulnerability could allow for...

Important: grafana-pcp security update

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fixes: crypto/x509: golang: Denial of Service due to excessive resource consumption v...

PT-2026-5086

The SEO Links Interlinking plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google error' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

EUVD-2026-4864

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Starting in version 9.0.0 and prior to versions 9.13.10 and 10.2.0, a module friendly name could include scripts that will run during some module operations in the Persona Bar. Versions 9.13....

EUVD-2026-4862

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to versions 9.13.10 and 10.2.0, a module could install with richtext in its description field which could contain scripts that will run for user in the Persona Bar. Versions 9.13.10 and...

CVE-2020-36956

Openfire 4.6.0 contains a stored cross-site scripting vulnerability in the nodejs plugin that allows attackers to inject malicious scripts through the 'path' parameter. Attackers can craft a payload with script tags to execute arbitrary JavaScript in the context of administrative users viewing th...

CVE-2020-36942

Victor CMS 1.0 contains a file upload vulnerability that allows authenticated users to upload malicious PHP files through the profile image upload feature. Attackers can upload a PHP shell to the /img directory and execute system commands by accessing the uploaded file via web browser...

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

Over the past few years, we've been observing and monitoring the espionage activities of HoneyMyte aka Mustang Panda or Bronze President within Asia and Europe, with the Southeast Asia region being the most affected. The primary targets of most of the group's campaigns were government entities. A...