
8005 matches found

CVE
added 2026/01/20 3:15 p.m. | 10 views

CVE-2025-36113

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (builds 5.2.0.00–5.2.0.12) is vulnerable to cross-site scripting in the Web UI, exploitable by an authenticated user who can embed arbitrary JavaScript and potentially disclose credentials in a trusted session. The issue is do...

5.4 CVSS | 5.1 AI score | 0.00144 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2026/01/20 3:14 p.m. | 13 views

CVE-2025-36066 Multiple vulnerabilities were addressed in IBM Sterling Connect:Express for UNIX.

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1 CVSS | 0.00172 EPSS
Exploits 0 | References 1
CVE
added 2026/01/20 3:14 p.m. | 17 views

CVE-2025-36066

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 (5.2.0.00–5.2.0.12) is affected by a cross-site scripting flaw in the Web UI that allows an unauthenticated attacker to inject arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected produc...

6.1 CVSS | 5.1 AI score | 0.00172 EPSS
Exploits 0 | References 1 | Affected Software 1
CVE
added 2026/01/20 4:14 a.m. | 23 views

CVE-2026-0907

CVE-2026-0907 affects Google Chrome/Chromium Split View UI, allowing UI spoofing via a crafted HTML page before version 144.0.7559.59. Connected documents confirm related Chromium/CEF updates in the 144.0.7559.x series across Fedora and ChromeOS advisories, indicating a patched release beyond 144...

9.8 CVSS | 5.5 AI score | 0.00246 EPSS
Exploits 0 | References 2 | Affected Software 1
Vulnrichment
added 2026/01/20 4:14 a.m. | 2 views

CVE-2026-0901

Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...

5.4 AI score | 0.00187 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/01/20 12:0 a.m. | 8 views

PT-2026-3589

IBM Sterling Connect:Express Adapter for Sterling B2B Integrator 5.2.0 5.2.0.00 through 5.2.0.12 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadi...

6.1 CVSS | 5.1 AI score | 0.00172 EPSS
Exploits 0 | References 1
Positive Technologies
added 2026/01/20 12:0 a.m. | 5 views

PT-2026-3625

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session...

5.4 CVSS | 5.1 AI score | 0.00147 EPSS
Exploits 0 | References 2
CNNVD
added 2026/01/20 12:0 a.m. | 3 views

IBM Sterling Connect: Express Adapter for Sterling Cross-Site Script Vulnerability

IBM Sterling Connect: Express Adapter for Sterling is a communication adapter developed by the American multinational company International Business Machines IBM. The versions 5.2.0.00 to 5.2.0.12 of IBM Sterling Connect: Express Adapter for Sterling contain cross-site scripting vulnerabilities...

5.4 CVSS | 5.8 AI score | 0.00144 EPSS
Exploits 0 | References 1
CNVD
added 2026/01/19 12:0 a.m. | 2 views

Huawei HarmonyOS and EMUI Clone Module Man-in-the-Middle Attack Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A man-in-the-middle attack vulnerability exists in the...

5.7 CVSS | 5.7 AI score | 0.00134 EPSS
Exploits 0 | References 1
CNVD
added 2026/01/19 12:0 a.m. | 3 views

Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...

6.2 CVSS | 5.7 AI score | 0.00085 EPSS
Exploits 0 | References 1
CNVD
added 2026/01/19 12:0 a.m. | 5 views

Huawei HarmonyOS and EMUI Media Library Module Privilege Authentication Bypass Vulnerability (CNVD-2026-10873)

Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scenario distributed operating system based on a microkernel. Huawei EMUI is a user interface developed by Huawei based on the Android operating system. A privilege authentication bypass vulnerability exists...

6.1 CVSS | 5.7 AI score | 0.00078 EPSS
Exploits 0 | References 1
CNVD
added 2026/01/19 12:0 a.m. | 3 views

Microsoft Windows Tablet Windows User Interface (TWINUI) Subsystem Information Disclosure Vulnerability

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. An information disclosure vulnerability exists in the Microsoft Windows Tablet Windows User Interface TWINUI Subsystem, which can be exploited by attackers to obtain sensitive...

5.5 CVSS | 5.8 AI score | 0.00633 EPSS
Exploits 0
Tenable Nessus
added 2026/01/19 12:0 a.m. | 6 views

MiracleLinux 3 : qt-3.3.6-23.1AXS3 (AXBA:2008-400:02)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXBA:2008-400:02 advisory. - The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remo...

7.5 CVSS | 6.3 AI score | 0.04203 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2026/01/18 12:0 a.m. | 4 views

openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20054-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20054-1 advisory. Changes in chromium: - Chromium 144.0.7559.59 boo1256614 CVE-2026-0899: Out of bounds memory access in V8 CVE-2026-0900: Inappropriate...

9.8 CVSS | 5.4 AI score | 0.00382 EPSS
Exploits 0 | References 21
Microsoft CVE
added 2026/01/17 4:8 a.m. | 6 views

Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

5.4 CVSS | 6.4 AI score | 0.00168 EPSS
Exploits 0
OSV
added 2026/01/16 7:29 p.m. | 4 views

CVE-2026-23722 WeGIA has a Reflected Cross-Site Scripting (XSS) vulnerability allowing arbitrary code execution and UI redressing.

WeGIA is a Web Manager for Charitable Institutions. Prior to 3.6.2, a Reflected Cross-Site Scripting XSS vulnerability was discovered in the WeGIA system, specifically within the html/memorando/inseredespacho.php file. The application fails to properly sanitize or encode user-supplied input via t...

9.1 CVSS | 5.8 AI score | 0.00212 EPSS
Exploits 1 | References 3
CNNVD
added 2026/01/16 12:0 a.m. | 2 views

Google Chrome Security Vulnerability

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from a security bypass vulnerability that originates from a security user interface error in split-screen view, which can be exploited by an attacker to bypass security restrictions...

9.8 CVSS | 7.3 AI score | 0.00246 EPSS
Exploits 0 | References 3
CNNVD
added 2026/01/16 12:0 a.m. | 3 views

Apache Airflow security vulnerabilities

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. Versions of Apache Airflow prior to 3.1.6 contained security vulnerabilities. These vulnerabilities stemmed from the lack of...

7.5 CVSS | 5.8 AI score | 0.00586 EPSS
Exploits 0 | References 3
Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 4 : mailman-2.1.12-26.AXS4.3 (AXSA:2018-2616:01)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2018-2616:01 advisory. mailman: Cross-site scripting XSS vulnerability in web UI CVE-2018-5950 Tenable has extracted the preceding description block directly from the MiracleLinux...

6.1 CVSS | 7.1 AI score | 0.04599 EPSS
Exploits 3 | References 2
Tenable Nessus
added 2026/01/16 12:0 a.m. | 5 views

MiracleLinux 7 : pcs-0.9.143-15.el7 (AXSA:2015-718:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-718:02 advisory. pcs is a corosync and pacemaker configuration tool. It permits users to easily view, modify and created pacemaker based clusters. Security issues fixed with...

5 CVSS | 6.8 AI score | 0.07778 EPSS
Exploits 0 | References 2