PT-2025-26026 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue occurs when a task is descheduling and is requeued on a CPU that is excluded from the cpus mask. This can trigger a...

Apache Airflow vulnerable to stored Cross-site Scripting

Task instance details page in the UI is vulnerable to stored cross-site scripting. This issue affects Apache Airflow before 2.6.0...

CVE-2023-29247

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

CVE-2023-29247

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

PYSEC-2023-60

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

PYSEC-2023-60

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

CVE-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

CVE-2023-29247 Stored XSS on Apache Airflow

Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0...

CERT-UA Warns of SmokeLoader and RoarBAT Malware Attacks Against Ukraine

An ongoing phishing campaign with invoice-themed lures is being used to distribute the SmokeLoader malware in the form of a polyglot file, according to the Computer Emergency Response Team of Ukraine CERT-UA. The emails, per the agency, are sent using compromised accounts and come with a ZIP...

Cross site scripting

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...

CVE-2023-30097

A stored cross-site scripting XSS vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field...

PT-2023-22539 · Unknown · Totaljs Messenger

Name of the Vulnerable Software and Affected Versions: TotalJS messenger affected versions not specified Description: A stored cross-site scripting XSS vulnerability in TotalJS messenger allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task...

TotalJS messenger 跨站脚本漏洞

TotalJS messenger is a Node.js open source Slack alternative to the Total.js Platform open source. A security vulnerability exists in TotalJS messenger. An attacker can exploit this vulnerability to execute arbitrary web script or HTML via a specially crafted payload injected into a private task...

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

CVE-2023-31084

An issue was discovered in drivers/media/dvb-core/dvbfrontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASKRUNNING. In dvbfrontendgetevent, waiteventinterruptible is called; the condition is dvbfrontendtesteventfepriv,events. In dvbfrontendtestevent,...

Task Reminder System Cross-Site Scripting Vulnerability

Task Reminder System is a task reminder system. A cross-site scripting vulnerability exists in Task Reminder System version 1.0, which stems from a cross-site scripting XSS vulnerability in the parameter id of the file Users.php. No details of the vulnerability are available at this time...

Nokia NetAct 跨站脚本漏洞

Nokia NetAct is a network management system from Nokia of Finland. A security vulnerability exists in versions prior to Nokia NetAct 22 FP2211, which stems from a lack of input validation during the creation of scheduled tasks...

CVE-2023-26061

An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this,...

Apache DolphinScheduler Authorization Issues Vulnerability

Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Apache Foundation in the United States. Apache DolphinScheduler suffers from an authorization problem vulnerability that stems from the presence of incorrect authentication, which can ...