8004 matches found

ATTACKERKB
added 2026/02/25 7:28 p.m. | 3 views

CVE-2026-25138

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username...

5.3 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

ATTACKERKB
added 2026/02/25 6:57 p.m. | 2 views

CVE-2026-25136

Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. A reflected Cross-site Scripting vulnerability was located in versions prior to 35.8.3, 38.5.4, and 39.3.1 in the rendering of the ExceptionMessa...

8.1 CVSS | 5.8 AI score | 0.00263 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2026/02/25 6:53 p.m. | 5 views

GHSA-38WQ-6Q2W-HCF9 Rucio WebUI has Username Enumeration via Login Error Message

Summary: The WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Details: When submitting invalid credentials to /ui/login, the WebUI responds with different error messages based on th...

5.3 CVSS | 5.7 AI score | 0.00327 EPSS
Exploits: 1 | References: 7

ATTACKERKB
added 2026/02/25 4:14 p.m. | 3 views

CVE-2026-20036

A vulnerability in the CLI and web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker with valid administrative privileges to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to...

6.5 CVSS | 6.2 AI score | 0.00444 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/02/25 2:45 p.m. | 9 views

CVE-2026-2878

In Progress Telerik UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload. A predictable temporary identifier based on timestamp and filename can enable collisions and file content tampering. Affects components: RadAsyncUpload in the AJAX UI pac...

5.9 CVSS | 5.4 AI score | 0.00177 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Snyk
added 2026/02/25 6:17 a.m. | 3 views

Cross-site Scripting (XSS)

Overview: bugsink is a Self-hosted Error Tracking. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the pygmentizelines function. An attacker who can submit events to a Bugsink project and convince a user to interact in the web UI with a stacktrace containing a...

9.3 CVSS | 5.7 AI score | 0.00286 EPSS
Exploits: 1 | References: 2

NVD
added 2026/02/25 1:16 a.m. | 4 views

CVE-2026-27598

Dagu is a workflow engine with a built-in Web user interface. In versions up to and including 1.16.7, the CreateNewDAG API endpoint POST /api/v1/dags does not validate the DAG name before passing it to the file store. An authenticated user with DAG write permissions can write arbitrary YAML files...

7.1 CVSS | 0.00571 EPSS
Exploits: 1 | References: 2

SUSE CVE
added 2026/02/25 12:26 a.m. | 2 views

SUSE CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

5.4 CVSS | 5.8 AI score | 0.0025 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/02/25 12:00 a.m. | 5 views

Rucio security vulnerability

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from different error messages returned by the WebUI login endpoint, which could allow unverified...

5.3 CVSS | 5.8 AI score | 0.00327 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/02/25 12:00 a.m. | 4 views

Rucio security vulnerability

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities were caused by reflective cross-site scripting in the rendering of the ExceptionMessage on the WebUI 500...

8.1 CVSS | 5.7 AI score | 0.00263 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/02/25 12:00 a.m. | 5 views

Rucio security vulnerability

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from input values controlled by attackers in the RSE metadata via the WebUI, which were not...

6.1 CVSS | 5.7 AI score | 0.00287 EPSS
Exploits: 1 | References: 5

CNNVD
added 2026/02/25 12:00 a.m. | 5 views

Rucio security vulnerability

Rucio is an open-source scientific data management tool developed by Rucio team. Versions of Rucio prior to 35.8.3, 38.5.4, and 39.3.1 contained security vulnerabilities. These vulnerabilities stemmed from uncontrolled input in the Custom RSE Attribute of the WebUI, which allowed attackers to...

6.1 CVSS | 5.8 AI score | 0.00287 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/25 12:00 a.m. | 3 views

PT-2026-21999

Name of the Vulnerable Software and Affected Versions: Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1. Description: Rucio software contains a stored Cross-Site Scripting (XSS) issue within the Custom Rules function of the WebUI. Attackers can inject malicious code through the comment field, which ...

7.3 CVSS | 5.9 AI score | 0.0026 EPSS
Exploits: 1 | References: 11

Positive Technologies
added 2026/02/25 12:00 a.m. | 4 views

PT-2026-21985

Name of the Vulnerable Software and Affected Versions: Rucio versions prior to 35.8.3; Rucio versions prior to 38.5.4; Rucio versions prior to 39.3.1. Description: Rucio software contains a reflected Cross-site Scripting (XSS) issue in the rendering of the ExceptionMessage of the WebUI 500 error. This...

8.1 CVSS | 5.5 AI score | 0.00263 EPSS
Exploits: 1 | References: 12

Positive Technologies
added 2026/02/25 12:00 a.m. | 6 views

PT-2026-22001

Name of the Vulnerable Software and Affected Versions: Rucio versions prior to 35.8.3, 38.5.4, and 39.3.1. Description: Rucio is a software framework used for organizing, managing, and accessing large volumes of scientific data. A stored Cross-Site Scripting (XSS) issue exists in the Identity Name of...

6.1 CVSS | 5.9 AI score | 0.00287 EPSS
Exploits: 1 | References: 12

Vulnrichment
added 2026/02/24 6:42 p.m. | 5 views

CVE-2025-33181

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges...

7.3 CVSS | 5.5 AI score | 0.00351 EPSS
Exploits: 0 | References: 3

OSV
added 2026/02/24 2:16 p.m. | 2 views

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox 148 and Thunderbird 148...

7.5 CVSS | 5.8 AI score | 0.0025 EPSS
Exploits: 0 | References: 3

UbuntuCve
added 2026/02/24 2:16 p.m. | 3 views

CVE-2026-2803

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

7.5 CVSS | 5.8 AI score | 0.0025 EPSS
Exploits: 0 | References: 5

Cvelist
added 2026/02/24 1:33 p.m. | 17 views

CVE-2026-2803 Information disclosure, mitigation bypass in the Settings UI component

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

0.0025 EPSS
Exploits: 0 | References: 3

EUVD
added 2026/02/24 1:33 p.m. | 4 views

EUVD-2026-8456

Information disclosure, mitigation bypass in the Settings UI component. This vulnerability affects Firefox 148...

5.3 AI score | 0.0025 EPSS
Exploits: 0 | References: 2