EUVD-2026-35438

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

CLEANSTART-2026-OH43332 Security fixes for CVE-2022-29526, CVE-2025-47907, CVE-2025-61726, CVE-2025-61727, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68121, CVE-2026-24515, CVE-2026-25210, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-32280, CVE-2026-32281, CVE-2026-32282, CVE-2026-32283, CVE-2026-32289, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-42499, CVE-2026-42501, ghsa-4f99-4q7p-p3gh applied in versions: 0.10-r0, 0.10-r1, 0.10-r2, 0.10-r3, 0.10-r4, 0.10-r5, 0.11-r0

Multiple security vulnerabilities affect the druid-exporter-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVE-2026-21435 webtransport-go CloseWithError can block indefinitely

webtransport-go is an implementation of the WebTransport protocol. Prior to v0.10.0, an attacker can cause a denial of service in webtransport-go by preventing or indefinitely delaying WebTransport session closure. A malicious peer can withhold QUIC flow control credit on the CONNECT stream,...

Froxlor cross-site scripting vulnerabilities

Froxlor is a set of lightweight server management software developed by the Froxlor team. Version 0.10.16 of Froxlor contains a cross-site scripting vulnerability, which stems from improper cleaning of customer registration input fields. This vulnerability may lead to storage-based cross-site...

CVE-2025-58355 Soft Serve is vulnerable to arbitrary file writing through its SSH API

Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0...

CVE-2025-58061 OpenEBS Local PV RawFile persistent volume data is world readable

OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The...

dify 代码问题漏洞

dify is an open source LLM application development platform from LangGenius Open Source. A code issue vulnerability exists in version 0.10.1 of dify, which stems from an unvalidated URL and could lead to a server-side request forgery attack...

SUSE CVE-2020-21834

A null pointer deference issue exists in GNU LibreDWG 0.10 via getbmp ../../programs/dwgbmp.c:164...

PT-2005-1795 · Ethereal +1 · Ethereal +1

Name of the Vulnerable Software and Affected Versions: Ethereal version 0.10.9 Description: A issue in the JXTA dissector of Ethereal allows remote attackers to cause a denial of service, resulting in an application crash. Recommendations: For Ethereal version 0.10.9, at the moment, there is no...