132 matches found

CVE
added 2026/05/29 3:23 p.m. · 13 views

CVE-2026-10101

The CVE-2026-10101 issue affects the OpenShift ACM/MCE assisted-service: pull-secret validation failures cause raw referenced pull-secret content to be written into InfraEnv.status.conditions[].message. A namespace viewer with only the view ClusterRole can read InfraEnv objects and reconstruct th...

CVSS 6.3 · AI score 5.8 · EPSS 0.00031
Exploits 0 · References 2
Tenable Nessus
added 2026/05/22 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-28379

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 3
SUSE CVE
added 2026/05/15 1:59 a.m. · 6 views

SUSE CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 3
ATTACKERKB
added 2026/05/13 7:28 p.m. · 4 views

CVE-2026-28379

A race condition in Grafana Live allows authenticated users with Viewer role to trigger a server crash by sending concurrent requests that cause a fatal map access error. This results in complete service unavailability requiring restart of the Grafana server...

CVSS 6.5 · AI score 5.8 · EPSS 0.00017
Exploits 0 · References 2 · Affected Software 1
Positive Technologies
added 2026/05/13 12:00 a.m. · 6 views

PT-2026-40784

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A race condition in Grafana Live enables authenticated users with the Viewer role to cause a server crash. By sending concurrent requests, an attacker can trigger a fatal map access error,...

CVSS 7.4 · AI score 5.8 · EPSS 0.00019
Exploits 0 · References 19
Vulnrichment
added 2026/04/29 7:24 p.m. · 0 views

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

CVSS 7.2 · AI score 5.3 · EPSS 0.00028
Exploits 1 · References 3
ATTACKERKB
added 2026/04/21 11:24 p.m. · 0 views

CVE-2026-41127

BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization check that allows viewers to inject/overwrite captions. Version 3.0.24 tightened the permissions on who is able to submit captions. No known workarounds are available...

CVSS 6.5 · AI score 5.8 · EPSS 0.00028
Exploits 0 · References 2 · Affected Software 1
EUVD
added 2026/04/07 6:31 p.m. · 1 views

EUVD-2025-209275

yaffa v2.0.0 is vulnerable to Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

AI score 6.2 · EPSS 0.00014
Exploits 0 · References 3
CVE
added 2026/03/04 2:12 a.m. · 6 views

CVE-2026-3241

Concrete CMS versions below 9.4.8 are affected by a stored XSS in the Legacy Form block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice question (Checkbox List, Radio But...

CVSS 4.8 · AI score 5.8 · EPSS 0.0001
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2026/03/04 12:00 a.m. · 2 views

PT-2026-22866

In Concrete CMS below version 9.4.8, a stored cross-site scripting (XSS) vulnerability exists in the "Legacy Form" block. An authenticated user with permissions to create or edit forms (e.g., a rogue administrator) can inject a persistent JavaScript payload into the options of a multiple-choice...

CVSS 4.8 · AI score 5.8 · EPSS 0.0001
Exploits 1 · References 3
GithubExploit
added 2026/03/02 2:32 a.m. · 150 views

Exploit for Improper Encoding or Escaping of Output in Parall Jspdf

CVE-2026-25940 jsPDF PoC A proof-of-concept for CVE-2026-2594...

CVSS 8.1 · AI score 5.9 · EPSS 0.00042
Exploits 1
CNNVD
added 2026/02/27 12:00 a.m. · 3 views

Statamic cross-site scripting vulnerability

Statamic is a powerful flat-file CMS built using Laravel by Statamic Inc. It allows all content, templates, assets, and settings to be stored in files rather than in a database. Versions of Statamic 5.73.11 and earlier, as well as 6.4.0 and earlier, had a cross-site scripting vulnerability. This...

CVSS 8.7 · AI score 5.6 · EPSS 0.00013
Exploits 0 · References 4
ATTACKERKB
added 2026/02/03 10:52 a.m. · 1 views

CVE-2025-67857

A flaw was found in Moodle. During anonymous assignment submissions, user identifiers were inadvertently exposed in URLs. This data exposure allows unauthorized viewers to see internal user IDs, compromising the intended anonymity and potentially leading to information disclosure...

CVSS 4.3 · AI score 5.3 · EPSS 0.00021
Exploits 0 · References 4
RedhatCVE
added 2026/01/16 2:23 p.m. · 4 views

CVE-2026-0713

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions -...

CVSS 8.3 · AI score 6.7 · EPSS 0.00037
Exploits 0 · References 1
Positive Technologies
added 2026/01/15 12:00 a.m. · 2 views

PT-2026-2986

Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified). Description: A security issue exists in the /apis/dashboard.grafana.app/ API endpoints, allowing authenticated users to bypass dashboard and folder permissions. This affects all API versions v0alpha1,...

CVSS 8.3 · AI score 6.1 · EPSS 0.00037
Exploits 0 · References 11
RedhatCVE
added 2026/01/13 10:53 p.m. · 2 views

CVE-2025-65090

XWiki Full Calendar Macro displays objects from the wiki on the calendar. Prior to version 2.4.6, users with the rights to view the Calendar.JSONService page (including guest users) can exploit the data leak vulnerability by accessing database info, with the exception of passwords. This issue has...

CVSS 5.3 · AI score 6.7 · EPSS 0.00048
Exploits 0 · References 1
RedhatCVE
added 2026/01/09 8:45 a.m. · 3 views

CVE-2025-40591

A vulnerability has been identified in RUGGEDCOM ROX MX5000 All versions V2.16.5, RUGGEDCOM ROX MX5000RE All versions V2.16.5, RUGGEDCOM ROX RX1400 All versions V2.16.5, RUGGEDCOM ROX RX1500 All versions V2.16.5, RUGGEDCOM ROX RX1501 All versions V2.16.5, RUGGEDCOM ROX RX1510 All versions V2.16.5...

CVSS 8.3 · AI score 7.5 · EPSS 0.00352
Exploits 0 · References 1
EUVD
added 2025/12/18 9:31 p.m. · 1 views

EUVD-2025-204340

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected...

CVSS 5.4 · AI score 5.8 · EPSS 0.00024
Exploits 1 · References 5
Tenable Nessus
added 2025/11/18 12:00 a.m. · 3 views

Siemens RUGGEDCOM ROX II Client-Side Enforcement of Server-Side Security (CVE-2025-40591)

The 'Log Viewers' tool in the web interface of affected devices is vulnerable to command injection due to missing server-side input sanitation. This could allow an authenticated remote attacker to execute the 'tail' command with root privileges and disclose contents of all files in the filesystem...

CVSS 8.3 · AI score 5.6 · EPSS 0.00352
Exploits 0 · References 3
RedhatCVE
added 2025/11/11 9:31 a.m. · 3 views

CVE-2025-12405

An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attache...

CVSS 7.7 · AI score 7.5 · EPSS 0.00055
Exploits 0 · References 1