6840 matches found
[SECURITY] [DLA 4528-1] webkit2gtk security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4528-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 11, 2026 https://wiki.debian.org/LTS -...
Citizen Lab: Law Enforcement Used Webloc to Track 500 Million Devices via Ad Data
Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called Webloc. The tool was developed by Israeli company Cobwebs Technologies...
CVE-2026-35600 Vikunja has HTML Injection via Task Titles in Overdue Email Notifications
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
CVE-2026-35600 Vikunja has HTML Injection via Task Titles in Overdue Email Notifications
Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags,...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...
GHSA-45Q4-X4R9-8FQJ Vikunja has HTML Injection via Task Titles in Overdue Email Notifications
Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...
Vikunja has HTML Injection via Task Titles in Overdue Email Notifications
Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...
PT-2026-31951
Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...
Vikunja 跨站脚本漏洞
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.3.0 had a cross-site scripting vulnerability. This vulnerability occurred when Markdown links were embedded in task titles in overdue email notifications without special characters being...
CVE-2026-32289
A flaw was found in the html/template package. This vulnerability arises from improper tracking of context and brace depth within JavaScript JS template literals. A remote attacker could exploit these issues to cause content to be incorrectly or improperly escaped, leading to Cross-Site Scripting...
EUVD-2026-20232
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-39602
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-39602 WordPress Order Tracking plugin <= 3.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-39602
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-39602 WordPress Order Tracking plugin <= 3.4.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rustaurius Order Tracking order-tracking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Tracking: from n/a through = 3.4.3...
CVE-2026-39602
Technical details for CVE-2026-39602 are not publicly available in the provided documents. Monitor for updates from Red Hat, ENISA, NVD, and CVE records for affected products, versions, impact, and fixes.
DEBIAN-CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
UBUNTU-CVE-2026-32289
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
CVE-2026-32289 JsBraceDepth Context Tracking Bugs (XSS) in html/template
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...
EUVD-2026-20018
Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being...