CVE-2026-7014 MaxSite CMS down_count Plugin cross site scripting

A flaw has been found in MaxSite CMS up to 109.3. This vulnerability affects unknown code of the component downcount Plugin. This manipulation of the argument ffile/fprefix causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. Upgrading...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7013

A security vulnerability has been detected in MaxSite CMS up to 109.3. Affected by this issue is some unknown functionality of the component mailsend Plugin. The manipulation of the argument fsubject/ffiles/ffrom leads to cross site scripting. The attack can be initiated remotely. The exploit has...

CVE-2026-7013

MaxSite CMS (up to 109.3) contains a cross-site scripting (XSS) vulnerability in the mail_send plugin. An attacker can manipulate the f_subject, f_files, or f_from parameters to trigger XSS, with remote initiation and public disclosure of the exploit. The issue affects an unknown functionality wi...

CVE-2026-7012

A vulnerability was detected in MaxSite CMS up to 109.3. This affects an unknown part of the component Redirect Plugin. The manipulation of the argument fall/fall404 results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. Upgrading to versi...

CVE-2026-7011 MaxSite CMS Antispam Plugin plugin_antispam cross site scripting

A weakness has been identified in MaxSite CMS up to 109.3. Affected by this vulnerability is an unknown functionality of the file /admin/pluginantispam of the component Antispam Plugin. Executing a manipulation of the argument floggingfile can lead to cross site scripting. It is possible to launc...

PT-2026-35198

A vulnerability was found in MaxSite CMS up to 109.3. Impacted is an unknown function of the component ushki Plugin. Performing a manipulation of the argument f ushka new/f ushk results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and...

PT-2026-35239

The CVE-2026-9135 patch is out, but what about the next one? If you rely on vendors to tell you when you're hacked, you're already too late. Learn to build your own Linux binary instrumentation tools. Read more- https://t.co/o03RQDZYiC RockyLinux https://t.co/rMgg4cdHh8...

PT-2026-35236

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Adobe Commerce/Magento affected versions not specified Description An inappropriate implementation in FoldableAPIs allows a remote attacker who has compromised the renderer process to bypass site...

PT-2026-35196

A vulnerability has been found in MaxSite CMS up to 109.3. This issue affects some unknown processing of the component Guestbook Plugin. Such manipulation of the argument f text/f slug/f limit/f email leads to cross site scripting. The attack may be launched remotely. The exploit has been disclos...

GHSA-57R2-H2WJ-G887 OpenClaw: Isolated cron awareness events were recorded as trusted system events

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Output from webhook-triggered isolated cron agent runs could be queued into the main session awareness stream without trusted: false. That made the event render as a trusted...

CVE-2026-6993

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

EUVD-2026-25670

A weakness has been identified in Envoy up to 1.33.0. Affected is the function params.add of the file source/extensions/filters/http/headermutation/headermutation.cc of the component Query Parameter Handler. This manipulation causes injection. Remote exploitation of the attack is possible. Patch...

CVE-2026-6993 go-kratos http.DefaultServeMux Fallback server.go NewServer confused deputy

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

EUVD-2026-25669

A security flaw has been discovered in go-kratos kratos up to 2.9.2. This impacts the function NewServer of the file transport/http/server.go of the component http.DefaultServeMux Fallback Handler. The manipulation results in unintended intermediary. The attack may be launched remotely. The explo...

CVE-2026-6993

CVE-2026-6993 affects go-kratos kratos up to 2.9.2. It concerns the function NewServer in transport/http/server.go’s http.DefaultServeMux Fallback Handler, where manipulation can yield an unintended intermediary and may be exploitable remotely. Public exploit exists. A patch is identified as 0284...

CLSA-2026-1777022893 Fix CVE(s): CVE-2026-34980

SECURITY UPDATE: arbitrary PPD keyword injection via job options - debian/patches/CVE-2026-34980.patch: filter control characters from option values and allowlist PPD keywords from filters in scheduler/job.c - CVE-2026-34980...

OESA-2026-2047 corosync security update

This package contains the Corosync Cluster Engine Executive, several default APIs and libraries, default configuration files, and an init script. Security Fixes: A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membersh...

Excalidraw vulnerable to XSS via Mermaid sequence diagram labels (KaTeX rendering)

Impact @excalidraw/[email protected] depends on a Mermaid conversion package version that resolves to a Mermaid release affected by CVE-2025-54881 / GHSA-7rqq-prvp-x9jh. User-supplied Mermaid sequence diagram labels could trigger XSS through Mermaid’s KaTeX label rendering path. This is patched i...

UBUNTU-CVE-2026-31554

In the Linux kernel, the following vulnerability has been resolved: futex: Require sysfutexrequeue to have identical flags Nicholas reported that his LLM found it was possible to create a UaF when sysfutexrequeue is used with different flags. The initial motivation for allowing different flags wa...