13 matches found
CVE-2026-32612
Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...
CVE-2026-32612 Statamic: privilege escalation via stored cross-site scripting
Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...
PT-2026-25092
Statamic is a Laravel and Git powered content management system (CMS). Prior to 6.6.2, stored XSS in the control panel color mode preference allows authenticated users with control panel access to inject malicious JavaScript that executes when a higher-privileged user impersonates their account. Th...
CVE-2026-1662
creationtimestamp | type | source
---|---|---
2026-02-25 09:53:32+00:00 | seen | https://www.acn.gov.it/portale/w/risolte-vulnerabilita-su-gitlab-community-edition-ce-e-enterprise-edition-ee-1
2026-02-25 13:10:17+00:00 | seen | https://bsky.app/profile/o2cloud.bsky.social/post/3mfoqwufv6l2q
2026-02-26...
CVE-2026-24688 pypdf has possible Infinite Loop when processing outlines/bookmarks
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects...
CVE-2023-40662
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy. This issue affects Cookies and Content Security Policy: from n/a through 2.15...
PT-2025-46220
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path'...
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). (Earlier and later versions are unaffected.)
...
LimeSurvey Security Vulnerability
LimeSurvey PHPSurveyor is a set of open source online questionnaire survey program from LimeSurvey team, which supports survey program development, questionnaire publishing and data collection. A security vulnerability exists in LimeSurvey version v6.6.2 and earlier versions, which stems from an...
UBUNTU-CVE-2024-30161
In Qt 6.5.4, 6.5.5, and 6.6.2, QNetworkReply header data might be accessed via a dangling pointer in Qt for WebAssembly (wasm). Earlier and later versions are unaffected...
Couchbase Server Authorization Issue Vulnerability
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions 6.5.x through 6.6.2, which stems from RFC4513 that allows...
CVE-2016-4401
Aruba ClearPass Policy Manager before 6.5.7 and 6.6.x before 6.6.2 allows attackers to obtain database credentials...
Elasticsearch Winlogbeat Input Validation Error Vulnerability
Elasticsearch Winlogbeat is an open source tool for sending Windows event logs to Elasticsearch from the Dutch company Elasticsearch. A security vulnerability exists in Elasticsearch Winlogbeat versions prior to 5.6.16 and prior to 6.6.2. An attacker can exploit the vulnerability by injecting...