
8005 matches found

Microsoft CVE
added 2026/02/10 4:00 p.m. | 6 views

Microsoft Exchange Server Spoofing Vulnerability

User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...

CVSS 6.5 | AI score 5.6 | EPSS 0.09457
Exploits 0
Fedora
added 2026/02/10 1:34 a.m. | 4 views

[SECURITY] Fedora 43 Update: rust-wiremix-0.7.0-3.fc43

A TUI mixer for PipeWire...

CVSS 7.5 | AI score 5.4 | EPSS 0.00443
Exploits 1
CNNVD
added 2026/02/10 12:00 a.m. | 5 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.45 contained a security vulnerability, which was caused by improper handling of file inputs. This vulnerability could potentially lead users to execute certain UI gestures, resulting in UI...

CVSS 6.5 | AI score 6.7 | EPSS 0.0021
Exploits 0 | References 3
CNNVD
added 2026/02/10 12:00 a.m. | 5 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 145.0.7632.45 contained a resource management vulnerability. This vulnerability stemmed from a problem with reusing resources after they were released in Ozone, which could lead to exploiting heap corruptio...

CVSS 8.8 | AI score 7.3 | EPSS 0.00248
Exploits 0 | References 2
Positive Technologies
added 2026/02/10 12:00 a.m. | 7 views

PT-2026-7408

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server (affected versions not specified). Description: A flaw in Microsoft Exchange Server’s user interface can lead to the misrepresentation of critical information. This allows an unauthorized attacker to conduct spoofing...

CVSS 6.5 | AI score 5.5 | EPSS 0.09457
Exploits 0 | References 8
Tenable Nessus
added 2026/02/10 12:00 a.m. | 11 views

Security Updates for Microsoft Exchange Server (February 2026)

The Microsoft Exchange Server installed on the remote host is missing a security update. It is, therefore, affected by a vulnerability as referenced in the February 2026 security bulletin. - User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an...

CVSS 6.5 | AI score 6 | EPSS 0.09457
Exploits 0 | References 5
OSV
added 2026/02/09 12:30 p.m. | 3 views

GHSA-5G2W-9F8G-G5Q7 Apache Airflow UI Exposes DAG Import Errors to Unauthorized Authenticated Users

Impact: Exposure of Sensitive Information. An information disclosure vulnerability exists in the Apache Airflow UI that allows authenticated users to view Import Errors for DAGs they are not authorized to access. In affected versions, the Import Errors view does not correctly filter errors based o...

CVSS 6.5 | AI score 6 | EPSS 0.00739
Exploits 0 | References 5
CNNVD
added 2026/02/09 12:00 a.m. | 2 views

Apache Airflow Security Vulnerability

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. Prior to Apache Airflow 3.1.7, there were security...

CVSS 6.5 | AI score 5.8 | EPSS 0.00739
Exploits 0 | References 4
SUSE CVE
added 2026/02/07 12:24 a.m. | 4 views

SUSE CVE-2026-23990

The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows...

CVSS 5.3 | AI score 5.6 | EPSS 0.00303
Exploits 0 | References 3
Cvelist
added 2026/02/06 8:01 p.m. | 29 views

CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

CVSS 7.1 | EPSS 0.00269
Exploits 0 | References 2
Vulnrichment
added 2026/02/06 8:01 p.m. | 2 views

CVE-2026-25640 Pydantic AI affected by Stored XSS via Path Traversal in Web UI CDN URL

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

CVSS 7.1 | AI score 5.8 | EPSS 0.00269
Exploits 0 | References 2
ATTACKERKB
added 2026/02/06 8:01 p.m. | 4 views

CVE-2026-25640

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

CVSS 7.1 | AI score 5.8 | EPSS 0.00269
Exploits 0 | References 3 | Affected Software 1
EUVD
added 2026/02/06 8:01 p.m. | 4 views

EUVD-2026-5593

Pydantic AI is a Python agent framework for building applications and workflows with Generative AI. From 1.34.0 to before 1.51.0, a path traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL...

CVSS 7.1 | AI score 5.8 | EPSS 0.00269
Exploits 0 | References 2
OSV
added 2026/02/06 6:51 p.m. | 4 views

GHSA-WJP5-868J-WQV7 Pydantic AI has Stored XSS via Path Traversal in Web UI CDN URL

Summary: A Path Traversal vulnerability in the Pydantic AI web UI allows an attacker to serve arbitrary JavaScript in the context of the application by crafting a malicious URL. If a victim clicks the link or visits it via an iframe, attacker-controlled code executes in their browser, enabling the...

CVSS 7.1 | AI score 5.9 | EPSS 0.00269
Exploits 0 | References 4
Zero Day Initiative
added 2026/02/06 12:00 a.m. | 3 views

(0Day) Xmind Attachment Insufficient UI Warning Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xmind. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of attachments...

CVSS 7.8 | AI score 6 | EPSS 0.00343
Exploits 0 | References 1
CNNVD
added 2026/02/06 12:00 a.m. | 3 views

pydantic-ai Cross-Site Scripting Vulnerability

Pydantic-ai is a generative AI framework developed by Pydantic for building production-level applications and workflows. Versions of pydantic-ai from 1.34.0 to 1.51.0 had a cross-site scripting vulnerability. This vulnerability stemmed from path traversal in the Web UI, which could allow attacker...

CVSS 7.1 | AI score 5.8 | EPSS 0.00269
Exploits 0 | References 3
Tenable Nessus
added 2026/02/06 12:00 a.m. | 4 views

Juniper Junos OS Vulnerability (JSA100096)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100096 advisory. - An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high...

CVSS 6.8 | AI score 5.6 | EPSS 0.00119
Exploits 0 | References 2
OSV
added 2026/02/05 2:23 p.m. | 4 views

SUSE-SU-2026:0390-1 Security update for java-1_8_0-ibm

This update for java-1_8_0-ibm fixes the following issues: Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI (bsc#1257034) - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX (bsc#1257036) - CVE-2026-21933: Fixed Oracle Java SE component Networking (bsc#1257037) -...

CVSS 7.5 | AI score 5.8 | EPSS 0.00572
Exploits 1 | References 10
NVD
added 2026/02/05 12:16 p.m. | 4 views

CVE-2026-1966

YugabyteDB Anywhere displays LDAP bind passwords configured via gflags in cleartext within the web UI. An authenticated user with access to the configuration view could obtain LDAP credentials, potentially enabling unauthorized access to external directory services...

CVSS 2.4 | EPSS 0.00163
Exploits 0 | References 1
CVE
added 2026/02/05 11:38 a.m. | 10 views

CVE-2026-1966

CVE-2026-1966 affects YugabyteDB Anywhere. An authenticated user with access to the configuration view can see LDAP bind passwords configured via gflags in cleartext in the web UI, enabling potential unauthorized access to external directory services. The issue is described consistently across so...

CVSS 2.4 | AI score 5.4 | EPSS 0.00163
Exploits 0 | References 1