1051 matches found
CVE-2026-40873
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the Quarantine details modal injects attachment filenames into HTML without escaping, allowing arbitrary HTML/JS execution. An attacker can deliver an email with a crafted attachment name s...
EUVD-2026-23929
GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...
CVE-2026-23757 GFI HelpDesk < 4.99.10 Stored XSS via Reports Module
GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFTReport::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...
PT-2026-33822
GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT Report::Create without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a...
Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems...
EUVD-2026-22660
October CMS has Stored XSS in Event Log Mail Preview...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the mail preview feature of the Event Log, where HTML content is rendered in an iframe without proper sandboxing. An attacker can execute arbitrary JavaScript in the context of a privileged user's browser by...
CVE-2026-24907
CVE-2026-24907 affects October CMS: versions prior to 3.7.14 and 4.1.10 contain a stored XSS in the Event Log mail preview feature. HTML is rendered in an iframe without proper sandboxing when viewing logged mail messages, allowing JavaScript execution in the viewer’s browser context. The issue i...
[SECURITY] Fedora 44 Update: geeqie-2.7-2.fc44
Geeqie has been forked from the GQview project with the goal of picking up development and integrating patches. It is an image viewer for browsing through graphics files. Its many features include single click file viewing, support for external editors, previewing images using thumbnails, and zoo...
SUSE-SU-2026:1252-1 Security update for tigervnc
This update for tigervnc fixes the following issues: - CVE-2026-34352: Fixed permissions to prevent other users from observing the screen, or modifying what is sent to the client. bsc1260871...
PT-2026-31110
Name of the Vulnerable Software and Affected Versions The Awesome Support – WordPress HelpDesk & Support Plugin versions up to and including 6.3.7 Description The Awesome Support – WordPress HelpDesk & Support Plugin is susceptible to an Insecure Direct Object Reference issue. The wpas get ticket...
CVE-2018-25247
The CVE-2018-25247 entry concerns MyBB Like Plugin 3.0.0, which is vulnerable to cross-site scripting via user profiles. The root cause is unvalidated subject content in posts/threads, allowing an attacker to craft post subjects containing script tags that execute when other users view the attack...
EUVD-2026-16468
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...
CVE-2026-34352
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...
CVE-2026-23488
Blinko is affected prior to version 1.8.4. The /api/v1/comment/create endpoint allows unauthorized posting of comments to any note (including private ones), and /api/v1/comment/list allows unauthorized viewing of comments on all notes. The issue is fixed in version 1.8.4. CVSS v4.0 base score 6.9...
Adobe Commerce License Issues Vulnerability (CNVD-2026-15169)
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. Adobe Commerce has an authorization issue vulnerability that can be exploited by an attacker to bypass security measures and gain unauthorized viewing...
EUVD-2026-12071
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
IBM CICS Transaction Gateway for Multiplatforms 访问控制错误漏洞
IBM CICS Transaction Gateway for Multiplatforms is a transaction gateway software developed by the American multinational company International Business Machines IBM. Versions 9.3 and 10.1 of IBM CICS Transaction Gateway for Multiplatforms contain access control vulnerability issues. These...
CVE-2026-0977
IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls...
PT-2026-25371
CVE-2026-0977 IBM CICS Transaction Gateway for Multiplatforms 9.3 and 10.1 could allow a user to transfer or view files due to improper access controls. https://t.co/mXB9t9PNuK...