Bagisto affected by Cross-site Scripting
A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...
GHSA-65FP-7G2V-658R Bagisto affected by Cross-site Scripting
A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may...
CVE-2026-34319
Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell: Core Client. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes t...
CVE-2026-35246
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle...
CVE-2026-35251
...
CVE-2026-35240
CVE-2026-35240 describes a vulnerability in Oracle MySQL Server (component: Server: Optimizer) affecting 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The flaw allows a highly privileged attacker who can access the server over multiple network protocols to cause a hang or a repeatedly crashing stat...
CVE-2026-35230
...
CVE-2026-34321
The CVE-2026-34321 entry concerns Oracle Financial Services Applications Infrastructure (OFSAI) – UI component. Affects 8.0.7.9, 8.0.8.7, and 8.1.2.5. The vulnerability can be triggered by a low-privileged attacker with network access over HTTP and requires user interaction, leading to unauthoriz...
CVE-2026-34292
...
CVE-2026-22014
...
CVE-2026-21998
...
CVE-2026-41320
Frappe HR is an open-source human resources management solution (HRMS). Prior to versions 15.54.0 and 14.38.1, a specially crafted request made to a certain endpoint could result in SQL injection, allowing an attacker to extract information they wouldn't otherwise be able to. Versions 15.54.0 and...
EUVD-2026-24035
OpenBao's SQL Injection in PostgreSQL database secrets engine...
CVE-2026-40584
CVE-2026-40584 affects RansomLook. The vulnerability arises in the API at website/web/api/genericapi.py prior to version 1.9.0, where entries marked private are not properly filtered due to removing elements from a list while iterating. This can cause private location entries to be unintentionall...
EUVD-2026-24133
Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery (CSRF). The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...
EUVD-2026-23990
Glances has SSRF in IP Plugin via publicapi leading to credential leakage...
UBUNTU-CVE-2026-31018
In Dolibarr ERP & CRM = 22.0.4, PHP code detection and editing permission enforcement in the Website module is not applied consistently to all input parameters, allowing an authenticated user restricted to HTML/JavaScript editing to inject PHP code through unprotected inputs during website page...
CVE-2026-6765
Information disclosure in the Form Autofill component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
RHSA-2026:7477 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...
RHSA-2026:7418 Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
Bulletin has no description...