JoomlaUX JUX Real Estate 3.4.0 - Reflected XSS

A vulnerability was found in JoomlaUX JUX Real Estate 3.4.0 on Joomla. It has been classified as problematic. Affected is an unknown function of the file /extensions/realestate/index.php/properties/list/list-with-sidebar/realties. The manipulation of the argument Itemid/jpyearbuilt leads to cross...

symfony/ux-autocomplete XSS via unescaped AJAX response data

More info at https://github.com/symfony/ux/security/advisories/GHSA-mwqm-4fw3-cjvr...

symfony/ux-live-component Denial of service via unbounded batch action requests

More info at https://github.com/symfony/ux/security/advisories/GHSA-mm82-c99c-h2cf...

CVE-2026-48961 IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID

IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix Extra Field with 8-byte UID or GID. When decodeux in bin/zipdetails handles an Info-ZIP Unix Extra Field tag 0x7875 with UID Size or GID Size set to 8, causing...

Astra Linux - уязвимость в opencv

A out-of-bounds read was discovered in OpenCV prior to version 4.1.1. Specifically, the variable coarsestscale is assumed to be greater than or equal to finestscale within the calc/oclcalc functions in disflow.cpp. However, this assumption is incorrect when dealing with small images, resulting in...

CVE-2026-8539

CVE-2026-8539 describes a script injection (UXSS) in Chrome on Android via the SanitizerAPI, exploitable through a crafted HTML page. Affected software: Google Chrome for Android (Chromium-based). Vulnerable component: SanitizerAPI. Root cause: insufficient input handling in SanitizerAPI leading ...

UI UX Pro Max 注入漏洞

UI UX Pro Max is Next Level Builder open source a cross-platform UI/UX intelligent design system generation tool. UI UX Pro Max 2.5.0 and earlier versions of the injection vulnerability , the vulnerability stems from the Tailwind Config Generator component in the...

[SECURITY] Fedora 44 Update: kf6-kirigami-6.25.0-1.fc44

QtQuick plugins to build user interfaces based on the KDE UX guidelines...

CVE-2026-32607

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...

Discourse 跨站脚本漏洞

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the user and group display names not being HTML escaped in...

EUVD-2026-11788

Missing Authorization vulnerability in UX-themes Flatsome flatsome allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flatsome: from n/a through = 3.19.6...

CVE-2026-27154 Discourse has XSS when editing a malicious post

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, a user full name can be evaluated as raw HTML when the following settings are set: displaynameonposts = true; and prioritizeusernameinux = false. Editing a post of a malicious user would trigger ...

CVE-2026-28083

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UX-themes Flatsome flatsome allows Stored XSS.This issue affects Flatsome: from n/a through = 3.20.5...

Malicious Package

Overview @ux-foundry/palette is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

Malicious Package

Overview docs-ux is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorship...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...

CVE-2026-24576

CVE-2026-24576 is a stored XSS vulnerability in the WordPress UX Flat plugin (ux-flat) affecting versions up to and including 5.4.0. The issue is described as improper neutralization of input during web page generation, enabling stored cross-site scripting. The primary connected sources confirm t...

CVE-2026-24576 WordPress UX Flat plugin <= 5.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in COP UX Flat ux-flat allows Stored XSS.This issue affects UX Flat: from n/a through = 5.4.0...