8159 matches found
CVE-2026-44659 Zen Browser Mac - Address Bar Spoofing via Long Subdomain
Zen is a Firefox-based browser. Prior to 1.19.12b, the Zen Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the actual registrable domain (eTLD+1). As a result, an attacker can craft extremely long malicious...
Cross-site Scripting (XSS)
SiYuan is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper escaping of attacker-controlled content in SVG output generated by the dynamic icon API endpoint, which allows an attacker to inject and execute malicious JavaScript through crafted URLs...
[SECURITY] Fedora 43 Update: SDL3_image-3.4.4-1.fc43
Simple DirectMedia Layer (SDL) is a cross-platform multimedia library designed to provide fast access to the graphics frame buffer and audio device. This is a simple library to load images of various formats as SDL surfaces. It can load BMP, GIF, JPEG, LBM, PCX, PNG, PNM (PPM/PGM/PBM), QOI, TGA, XCF,...
PT-2026-39839
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.7.9; iOS versions prior to 26.5; iPadOS versions prior to 18.7.9; iPadOS versions prior to 26.5; macOS Sonoma versions prior to 14.8.7; macOS Tahoe versions prior to 26.5; tvOS versions prior to 26.5. Description: An attacker ...
PT-2026-39860
Name of the Vulnerable Software and Affected Versions: DeepChat versions prior to 1.0.4-beta.1. Description: A Cross-Site Scripting (XSS) issue exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer function...
CairoSVG Denial of Service
CairoSVG versions prior to 2.9.0 suffer from a recursive denial of service vulnerability. CVE-2026-31899: Exponential DoS via Recursive Element Amplification in CairoSVG Keywords: CVE-2026-31899, CairoSVG, exponential DoS, SVG bomb, recursive use element, denial of service, XML amplification,...
GHSA-XV59-967R-8726 vulnerabilities
Vulnerabilities for packages: sqlx, sdp-k8s-injector, vector, sccache...
CVE-2026-44662 vulnerabilities
Vulnerabilities for packages: sqlx, sdp-k8s-injector, vector, sccache...
GHSA-XV59-967R-8726 vulnerabilities
Vulnerabilities for packages: typst, vector, sqlx, sdp-k8s-injector, guestproxyagent, sccache...
CVE-2026-44662 vulnerabilities
Vulnerabilities for packages: typst, vector, sqlx, sdp-k8s-injector, guestproxyagent, sccache...
CVE-2021-47925
CMDBuild 3.3.2 is affected by multiple stored cross-site scripting (XSS) vulnerabilities. The issue involves authenticated attackers injecting arbitrary web script or HTML via crafted input in card creation and file upload endpoints. XSS payloads can be injected through Employee card parameters o...
PT-2026-39524
Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulating the s emotion parameter. Attackers can submit POST requests to admin.php with JavaScript code i...
CMDBuild Cross-Site Scripting Vulnerability
CMDBuild is an open-source web-based enterprise environment for configuring custom applications for asset management. Version 3.3.2 of CMDBuild contains a cross-site scripting vulnerability. This vulnerability stems from multiple stored-cross-site scripting vulnerabilities, allowing authenticated...
EUVD-2026-28939
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8195
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
CVE-2026-8195 JeecgBoot SVG File CommonController.java cross site scripting
A vulnerability was detected in JeecgBoot up to 3.9.1. The affected element is an unknown function of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/CommonController.java of the component SVG File Handler. The manipulation results in cross site...
org.springframework.ai:spring-ai-starter-vector-store-typesense (>=1.0.0 <=1.0.6) potentially affected by CVE-2026-41705 via org.springframework.ai:spring-ai-typesense-store (>=1.0.0 <=1.0.6)
org.springframework.ai:spring-ai-typesense-store MAVEN version =1.0.0, =1.0.0, =1.0.6 Source cves: CVE-2026-41705 Source advisory: OSV:GHSA-V632-2M87-7469...
EUVD-2026-28875
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...
CVE-2026-41705
The CVE affects Spring AI MilvusVectorStore#doDelete(List) and is caused by a filter-expression injection from unsanitized document IDs. Affected are Spring AI 1.0.x (1.0.0–1.0.x); upgrade to 1.0.7+; and Spring AI 1.1.x (1.1.0–1.1.x); upgrade to 1.1.6+. CVSSv3.1 base score 8.6 (HIGH): Network acc...
CVE-2026-41705
Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 o...