CVE-2026-44644

LiquidJS is a Shopify/GitHub Pages compatible template engine written in pure JavaScript. Versions 10.25.7 and below are vulnerable to XSS through a flaw in the striphtml filter logic. The striphtml filter is intended to remove HTML tags from a string before rendering, and is widely used as an XS...

CVE-2026-33121

DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the API datasource saving process. The deTableName field from the Base64-encoded datasource configuration is used to construct a DDL statement via simple strin...

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 (KB5088863)

2026-05 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 22H2 for x64 KB5088863...

CVE-2026-34166 LiquidJS has a Memory Limit Bypass via Quadratic Amplification in `replace` Filter

LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.3, the replace filter in LiquidJS incorrectly accounts for memory usage when the memoryLimit option is enabled. It charges str.length + pattern.length + replacement.length bytes to the memory limite...

CVE-2026-3457

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

EUVD-2026-16575

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457 Stored XSS vulnerability in Sentinel ACC

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457 Stored XSS vulnerability in Sentinel ACC

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Thales Sentinel LDK Runtime on Windows allows Stored XSS.This issue affects Sentinel LDK Runtime: before 10.22...

CVE-2026-3457

CVE-2026-3457 refers to an stored XSS vulnerability in Thales Sentinel LDK Runtime on Windows, caused by improper neutralization of input during web page generation. The issue affects Sentinel LDK Runtime prior to 10.22 and can lead to stored cross-site scripting with impact on confidentiality (l...

PT-2026-28634

Name of the Vulnerable Software and Affected Versions Thales Sentinel LDK Runtime versions prior to 10.22 Description The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts can...

Thales Sentinel LDK Runtime 安全漏洞

Thales Sentinel LDK Runtime is a component environment provided by Thales Corporation that offers software licensing and encryption protection for runtime operations. Versions of Thales Sentinel LDK Runtime prior to version 10.22 contained security vulnerabilities. These vulnerabilities were due ...

CVE-2026-32939

DataEase is an open source data visualization analysis tool. Versions 2.10.19 and below have inconsistent Locale handling between the JDBC URL validation logic and the H2 JDBC engine's internal parsing. DataEase uses String.toUpperCase without specifying an explicit Locale, causing its security...

CVE-2026-30952

liquidjs is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.0, the layout, render, and include tags allow arbitrary file access via absolute paths either as string literals or through Liquid variables, the latter require dynamicPartials: true, which is the...

CVE-2026-30957 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, OneUptime Synthetic Monitors allow a low-privileged authenticated project user to execute arbitrary commands on the oneuptime-probe server/container. The root cause is that untrusted Synthetic Monitor code is...

CVE-2026-30921 OneUptime Synthetic Monitor RCE via exposed Playwright browser object

OneUptime is a solution for monitoring and managing online services. Prior to 10.0.20, OneUptime Synthetic Monitors allow low-privileged project users to submit custom Playwright code that is executed on the oneuptime-probe service. In the current implementation, this untrusted code is run inside...

CVE-2026-29787

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

CVE-2026-29787 mcp-memory-service: System Information Disclosure via Health Endpoint

mcp-memory-service is an open-source memory backend for multi-agent systems. Prior to version 10.21.0, the /api/health/detailed endpoint returns detailed system information including OS version, Python version, CPU count, memory totals, disk usage, and the full database filesystem path. When...

CVE-2026-21660

Hardcoded Email Credentials Saved as Plaintext in Firmware CWE-256: Plaintext Storage of a Password vulnerability in Frick Controls Quantum HD version 10.22 and prior lead to unauthorized access, exposure of sensitive information, and potential misuse or system compromise This issue affects Frick...

CVE-2026-21656

Improper Control of Generation of Code 'Code Injection' vulnerability in Johnson Controls Frick Controls Quantum HD allows Code Injection. Insufficient validation of input in certain parameters may permit unexpected actions, which could impact the security of the device before authentication...