22 matches found
CVE-2026-3861
LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially causing the iOS device to become temporarily...
CVE-2026-3861
Affected software: LINE client for iOS (versions prior to 26.3.0). Vulnerability details: In the in-app browser, opening a crafted web page can repeatedly trigger OS-level dialogs due to insufficient safeguards when handling arbitrary URL schemes, potentially making the iOS device temporarily ino...
CVE-2026-27099
Jenkins 2.483 through 2.550 both inclusive, LTS 2.492.1 through 2.541.1 both inclusive does not escape the user-provided description of the "Mark temporarily offline" offline cause, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Agent/Configure or...
SUSE-SU-2025:4319-1 Security update for cups
This update for cups fixes the following issues: - The fix for CVE-2025-58436 causes a regression where GTK applications will hang. bsc1254353 See also https://github.com/OpenPrinting/cups/issues/1429 The fix has been temporary disabled...
openSUSE 15 Security Update : libxslt (SUSE-SU-2025:03595-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2025:03595-1 advisory. - last fix caused a regression, patch was temporary disabled bsc1250553 Tenable has extracted the preceding description block directly from the SUSE securit...
Security update for libxslt
This update for libxslt fixes the following issues: last fix caused a regression, patch was temporary disabled bsc1250553 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command...
EUVD-2025-26509
Malicious code in bioql PyPI...
WordPress plugin Temporarily Hidden Content 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in...
PT-2025-30111 · WordPress · Temporarily Hidden Content
Name of the Vulnerable Software and Affected Versions: Temporarily Hidden Content plugin for WordPress versions up to and including 1.0.6 Description: The Temporarily Hidden Content plugin for WordPress is susceptible to Stored Cross-Site Scripting through the plugin’s temphc-start shortcode...
PT-2024-40216 · Silverstripe · Silverstripe
Name of the Vulnerable Software and Affected Versions: SilverStripe forms affected versions not specified Description: The issue concerns form fields in SilverStripe forms that return isReadonly as true, making them vulnerable to reflected XSS injections. This includes fields like ReadonlyField,...
PT-2024-24996 · WordPress · User Registration – Custom Registration Form
Name of the Vulnerable Software and Affected Versions: User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin versions up to, and including, 3.1.5 Description: The issue is related to unauthorized loss of data due to a missing capability check on the profile p...
golang security update
1.20.12-4 - Rebuild for z-stream - Related: RHEL-28939 1.20.12-3 - Fix CVE-2023-45288 - Resolves: RHEL-28939 - Temporarily disable FIPS tests RHELBLD-14822...
PT-2024-3990
Name of the Vulnerable Software and Affected Versions Progress Telerik Report Server versions 2024 Q1 10.0.24.305 or earlier Description The issue is related to an authentication bypass vulnerability in Progress Telerik Report Server, allowing an unauthenticated attacker to gain access to...
PT-2024-15451 · Beijing Baichuo · Beijing Baichuo Smart S150 Management Platform
Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S150 Management Platform versions up to 20240101 Description: A critical issue affects some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of...
gaspares.com.au Cross Site Scripting vulnerability OBB-3466216
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
GSD-2023-1000070 drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame
drm/amdgpu: temporarily disable broken Clang builds due to blown stack-frame This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.12 by commit...
PT-2022-24956 · Alibaba · Aliyun-Oss-Client
Name of the Vulnerable Software and Affected Versions: aliyun-oss-client versions prior to 0.8.1 Description: The aliyun-oss-client unintentionally divulges the authentication secret. Users of this library will be affected, as the incoming secret will be disclosed unintentionally. Recommendations...
SAP 3D Visual Enterprise Viewer 输入验证错误漏洞
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP Germany. The software supports publishing 2D and 3D scenes in all industry-standard desktop applications and supports separate installations as standalone executables and ActiveX spaces. The vulnerability can be exploited to crash the...
Input validation
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated DIB file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation...
PT-2020-14546 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to write arbitrary files on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax mod...