1290 matches found
PT-2026-43990
IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...
IBM Guardium Data Protection 信息泄露漏洞
IBM Guardium Data Protection is a comprehensive data security platform developed by the American company International Business Machines IBM. Versions 12.2.1 and 12.2.2 of IBM Guardium Data Protection contain information leakage vulnerabilities. These vulnerabilities stem from the Long Term...
CVE-2026-4093
A flaw was found in the Drupal 7 Term Reference Tree module. This vulnerability, a type of stored Cross-Site Scripting XSS, allows an authenticated attacker with permissions to edit or create taxonomy terms to inject malicious scripts. These scripts can execute when a user views a form containing...
Debian dla-4600 : python3-django-postorius - security update
The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4600 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4600-1 [email protected] https://www.debian.org/lts/security/...
EUVD-2026-31381
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
EUVD-2026-31377
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-4929
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
CVE-2026-4093
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-4093
CVE-2026-4093 is a stored XSS in the Drupal 7 Term Reference Tree module affecting versions up to and including 7.x-1.11. Two vectors are described: Vector A (token display templates): attacker-controlled token output (e.g., term description) is rendered without proper sanitization when the Token...
CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-4093 Stored XSS in Drupal 7 Term Reference Tree module (token display templates and term labels)
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-4093
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline. Vector A token display templates: When the Token module is enabled and token display templates are configured, attacker-controlled token output e.g., term description is rendered...
CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
CVE-2026-4929
The CVE concerns Simple Hierarchical Select (SHS) for Drupal 7, where cross-site scripting is possible due to improper output escaping of term-derived text. Affected code paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_childre...
CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
Security Bulletin: IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability (CVE-2026-8405)
Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2026-8405 DESCRIPTION: IBM Guardium Data Protection's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...
PT-2026-42578
Name of the Vulnerable Software and Affected Versions Drupal 7 Term Reference Tree versions 7.x-1.x through 7.x-1.11 Description Two stored Cross-Site Scripting XSS vectors exist in the widget/formatter rendering pipeline. The first vector occurs when the Token module is enabled and token display...
Drupal 跨站脚本漏洞
Drupal is an open-source content management system developed using the PHP language by the Drupal community. Versions of Drupal 7.x-1.11 and earlier, including 7.x-1.x, have a cross-site scripting vulnerability. This vulnerability stems from the rendering pipeline of the Term Reference Tree...
PT-2026-42579
Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select SHS for Drupal 7 versions 7.x-1.0 through 7.x-1.10 Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending o...
Astra Linux – Vulnerability in Linux 5.10, Linux
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Avoid scheduling in rtasosterm. It is unsafe to use rtasbusydelay to handle a busy status from the IBM,os-term RTAS function in rtasosterm: Kernel Panic – Not Syncing: Attempted to kill init! Exitcode=0x0000000b BUG...