Nginx UI 访问控制错误漏洞

Nginx UI is a web interface for Nginx developed by Jacky. Version 2.3.5 of Nginx UI contains an access control vulnerability, which stems from unauthenticated privilege escalation during the initial installation process via the POST /api/install endpoint...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Downloads in Google Chrome prior to 143.0.7499.41 allowed a local attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Inappropriate implementations in Downloads in Google Chrome prior to 143.0.7499.41 allowed a remote attacker who convinced a user to perform certain UI gestures to bypass download protections through a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

The incorrect security UI in the full-screen UI of Google Chrome prior to version 142.0.7444.59 allowed a remote attacker who convinced a user to perform certain UI gestures to perform UI spoofing through a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Zabbix

Setting the SMS media allows for setting the GSM modem file. This file is later used as a Linux device. But since everything is a file for Linux, it’s possible to set another file, such as a log file. In this case, Zabbixserver will attempt to communicate with it as a modem. As a result, the log...

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Autofill in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to spoof security UI via a crafted HTML page...

Astra Linux – Vulnerability in Chromium

Insecure security interfaces in the Downloads section of Google Chrome on Android before version 92.0.4515.107 allowed a remote attacker to perform domain spoofing through a crafted HTML page...

Astra Linux – Vulnerability in jqueryui

jQuery-UI is the official jQuery user interface library. Prior to version 1.13.0, accepting the value of various Text options of the Datepicker widget from untrusted sources might execute untrusted code. This issue has been fixed in jQuery UI 1.13.0. The values passed to various Text options are...

Astra Linux – Vulnerability in Firefox, Thunderbird

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor might be drawn over the browser UI, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

[SECURITY] Fedora 42 Update: insight-18.0.50.20260306-3.fc42

Insight is a tight graphical user interface to GDB written in Tcl/Tk. It provides a comprehensive interface that enables users to harness most of GDB's power. It's also probably the only up-to-date UI for the latest GDB version...

CVE-2026-7596

A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may ...

CVE-2026-7595

The CVE-2026-7595 affects the NextLevelBuilder UI package ui-ux-pro-max-skill (up to 2.5.0). Affected component: Tailwind Config Generator; vulnerable code: function _format_plugins in .claude/skills/ui-styling/scripts/tailwind_config_gen.py. The manipulation leads to code injection. Impact inclu...

CVE-2026-2311

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-2311

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 s vulnerable to privilege escalation caused by an invalid IBM i Web Administration GUI authorization check. A malicious actor could cause user-controlled code to run with administrator privilege...

CVE-2026-3346

IBM Langflow Desktop 1.6.0 through 1.8.4 Lanflow is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted...

PT-2026-36188

Name of the Vulnerable Software and Affected Versions IBM Langflow Desktop versions 1.6.0 through 1.8.4 Description Stored cross-site scripting occurs when an authenticated user embeds arbitrary JavaScript code in the Web UI. This can alter the intended functionality and potentially lead to the...

GHSA-3GXM-WFJX-M847 beets has a Cross-site Scripting vulnerability

During code logic analyis, an area that may lead to unintended behavior under specific conditions was discovered. Overview - Verified Version: 80cd21554124da07d17a4f962c7d770a4f70d0f2 - Vulnerability Type: Stored XSS - Affected Location: beetsplug/web/templates/index.html:42 - Trigger Scenario:...

CVE-2025-10503

The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the injection of malicious JavaScript payloads, enabling reflected cross-site scripting. An attacker can leverage this...

Juniper Junos OS Vulnerability (JSA96464)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA96464 advisory. - An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the User Interface UI of Juniper Networks Junos OS and Junos OS Evolved allows a local,...

Juniper Junos OS Vulnerability (JSA100078)

The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA100078 advisory. - An Improper Access Control vulnerability in the User Interface UI of Juniper Networks Junos OS allows a local, low-privileged attacker to bring down an interface, leading...