12 matches found
SUSE CVE-2026-25802
New API is a large language model (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site Scripting (XSS) when the model outputs items containing tag. Version...
CVE-2026-25802
CVE context: The connected GHSA advisory GHSA-299V-8PQ9-5GJQ documents a potential XSS in New API’s MarkdownRenderer component. The vulnerable path is in MarkdownRenderer.jsx (lines 212–231), which uses dangerouslySetInnerHTML to render model-generated HTML. Impact: potential XSS if the model out...
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
Improper Neutralization of Special Elements in Data Query Logic
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic via the token search. An attacker can exhaust system resources and disrupt service availability by submitting specially crafted search patterns containing SQL wildcard...
CVE-2020-28348
HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type. Fixed in 0.12.8, 0.11.7, and 0.10.8...
SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...
GHSA-HX5X-49MM-VMHW SQL Injection in sails-mysql
Versions of sails-mysql prior to 0.10.8 are vulnerable to SQL Injection. The sort keyword is not properly sanitized and may allow attackers to inject SQL statements and execute arbitrary SQL queries. Recommendation: Upgrade to version 0.10.8 or later...
Improper Input Validation
Overview: Affected versions of this package are vulnerable to Improper Input Validation. uws is a WebSocket server library. By sending a 256mb websocket message to a uws server instance with permessage-deflate enabled, there is a possibility that the compression used will shrink said 256mb down to less than...
Wireshark Multiple Vulnerabilities (win)
The host has Wireshark installed and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbwiresharkmultvulnwin.nasl 5388 2017-02-21 15:13:30Z teissa $ Wireshark Multiple Vulnerabilities (Windows). Authors: Madhuri D. Copyright: Copyright (c) 2010 Greenbone Networks GmbH,...
DSA-1839-1 gst-plugins-good0.10 - arbitrary code execution
Bulletin has no description...
security flaw
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."...
[SA13468] Ethereal Multiple Vulnerabilities
TITLE: Ethereal Multiple Vulnerabilities SECUNIA ADVISORY ID: SA13468 VERIFY ADVISORY: http://secunia.com/advisories/13468/ CRITICAL: Highly critical IMPACT: DoS, System access WHERE: From remote SOFTWARE: Ethereal 0.x http://secunia.com/product/1228/ DESCRIPTION: Multiple vulnerabilities have be...