3 matches found
CVE-2026-54002 Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`
Kirby is an open-source content management system. Prior to 4.9.4 and 5.4.4, Kirby sites and plugins that use the writer or list fields or call Dom::sanitize, Sane::sanitize, Sane::Html::sanitize, Sane::Svg::sanitize, Sane::Xml::sanitize, Sane::sanitizeFile, or file sanitizeContents with untruste...
CVE-2026-9304
CVE-2026-9304 describes a server-side request forgery in calcom cal.diy ≤ 4.9.4 . The flaw is in the function validateUrlForSSRF in the file apps/web/app/api/logo/route.ts of the Logo API component. Exploitation can be remote; exploitability is described as difficult. A public exploit exists. The...
MiracleLinux 9 : podman-4.9.4-0.1.el9 (AXSA:2024-7787:03)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7787:03 advisory. golang: net/http/internal: Denial of Service DoS via Resource Consumption via HTTP requests CVE-2023-39326 golang: crypto/tls: Timing Side Channel...