25 matches found
CVE-2026-54298
Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...
CVE-2026-54299
Summary of CVE-2026-54299 (Astro) : Astro SSR apps that prerender error pages (e.g., 404/500 with prerender = true) fetch those pages over HTTP using a URL derived from request.url, which is based on the Host header. If Host is not validated against allowedDomains, an attacker can direct the fetc...
CVE-2026-54298
Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props
NPM: Astro: XSS via Unescaped Attribute Names in Spread Props vulnerability discovered by ? in WordPress Npm astro versions 6.4.6...
CVE-2026-0646
creationtimestamp| type| source ---|---|--- 2026-06-16 05:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05 2026-06-16 16:12:33+00:00| seen| https://bsky.app/profile/boredchilada.bsky.social/post/3mog6uxnajr2d 2026-06-16 17:25:57+00:00| seen|...
CVE-2026-53698
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...
CVE-2026-53698
Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set...
CVE-2026-30139
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
Silverpeas Core 跨站脚本漏洞
Silverpeas Core is an open-source project developed by Silverpeas, used for building and running collaborative and social web portals. Versions of Silverpeas Core prior to 6.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the AdvancedSearch feature having...
CVE-2026-30139
Silverpeas Core prior to 6.4.6 is affected by a reflected XSS in the AdvancedSearch functionality. Crafted input can execute arbitrary JavaScript in the context of a user’s browser. The description identifies the vulnerable component and version, but does not provide remediation steps or affected...
CVE-2026-30139
A reflected cross-site scripting XSS vulnerability in the AdvancedSearch functionality of Silverpeas Core before version 6.4.6 allows attackers to execute arbitrary JavaScript in the context of a user's browser via crafted input...
Moderate: Red Hat Security Advisory: Red Hat build of Keycloak 26.4.6 Security Update
New Red Hat build of Keycloak 26.4.6 packages are available from the Customer Portal Red Hat build of Keycloak 26.4.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. Security fixes...
Missing Authentication for Critical Function
Overview org.springframework.security:spring-security-core is a package that provides security services for the Spring IO Platform. Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to improperly locating method security annotations on private...
CVE-2024-50331
An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory...
CVE-2024-50317
A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability previously existed in Ivanti Avalanche version 6.4.6, which stemmed from the inclusion of ...
Ivanti Avalanche 安全漏洞
Ivanti Avalanche is an enterprise mobile device management system from Ivanti, USA. The system is primarily used to manage devices such as smartphones, tablets and barcode scanners. A security vulnerability previously existed in Ivanti Avalanche version 6.4.6, which stemmed from the inclusion of ...
PT-2024-8641 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.6 Description: A null pointer dereference in Ivanti Avalanche allows a remote unauthenticated attacker to cause a denial of service. This issue is related to the system management of mobile devices and c...
ai.idylnlp:idylnlp-nlp-language-detection-tika (>=1.0.0 <=1.1.0), ai.stainless:grails-tika (=0.1.0) +2685 more potentially affected by CVE-2022-46363 via org.apache.cxf:cxf-core (>=3.0.0-milestone1 <=3.4.1)
org.apache.cxf:cxf-core MAVEN version =3.0.0-milestone1, =1.0.0, =11.4-37, =3.6.1, =3.11.0, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE - cloud.testload:jmeter-clickhouse-listener =2.00 and more Source cves: CVE-2022-46363 Source...
Automattic Mongoose 安全漏洞
Automattic Mongoose is a MongoDB object modeling tool for asynchronous environments. A security vulnerability exists in Automattic Mongoose versions prior to 6.4.6, which stems from the Schema.path function being susceptible to prototype contamination when setting up schema objects, which can be...