12 matches found
SUSE SLES15 Security Update : python312 (SUSE-SU-2026:2055-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2055-1 advisory. This update for python312 fixes the following issues - CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF...
Fedora 44 : systemd (2026-67f57405ee)
The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-67f57405ee advisory. More bugfixes. ---- - A bunch of bugfixes - More sanitization for invalid values received from hardware and firmware Tenable has extracted the preceding...
PT-2026-7807
This module allows content to be edited in-place. The module doesn't sufficiently sanitize certain image-related values during the editing process, leading to a persistent Cross-site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have permission to...
MiracleLinux 9 : containernetworking-plugins-1.3.0-4.el9 (AXSA:2023-6651:02)
The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6651:02 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...
EUVD-2022-1037
Malicious code in bioql PyPI...
UBUNTU-CVE-2019-25225
sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed...
CVE-2021-24712
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars...
CVE-2020-13928
Apache Atlas before 2.1.0 contains an XSS vulnerability. While saving a search or rendering elements, values are not sanitized correctly, which triggers the XSS vulnerability...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HTML if...
CVE-2023-24539 Improper sanitization of CSS values in html/template
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
GHSA-X5CW-843F-R366 x-data-spreadsheet through 1.1.9 vulnerable to Cross-site Scripting
All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells...
Remote Code Execution (RCE)
apache-airflow is vulnerable to remote code execution (RCE). The vulnerability exists because the example DAGs do not properly sanitize the value of dag_run.conf["message"]. The vulnerability is present only if examples are enabled, that is, when load_examples=True is set in the config...