14 matches found

RedhatCVE
added 2026/02/05 1:22 a.m. | 3 views

CVE-2026-25148

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 6.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/03 9:12 p.m. | 2 views

CVE-2026-25148

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2026/02/03 9:12 p.m. | 5 views

CVE-2026-25148

Summary (CVE-2026-25148) Qwik SSR vulnerability: prior to version 1.19.0, the server-side rendering path serializes virtual attributes in a way that can be exploited via XSS. An attacker could inject arbitrary scripts into server-rendered pages through unescaped virtual attributes, enabling scrip...

CVSS 6.1 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 2 | Affected Software: 1
EUVD
added 2026/02/03 9:12 p.m. | 4 views

EUVD-2026-5166

Qwik is a performance-focused JavaScript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3 | AI score 5.8 | EPSS 0.00026
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/20 12:0 a.m. | 5 views

MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3115:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3115:01 advisory. 389-ds-base: double free of the virtual attribute context in persistent search (CVE-2021-4091). Tenable has extracted the preceding description block directly...

CVSS 7.5 | AI score 5.6 | EPSS 0.00342
Exploits: 0 | References: 2
CVE
added 2024/02/01 11:0 p.m. | 35 views

CVE-2023-36496

The CVE-2023-36496 entry concerns PingDirectory’s Delegated Admin Privilege virtual attribute provider plugin. When enabled, it allows an authenticated user to elevate their permissions within the Directory Server, indicating a privilege-escalation flaw in the affected component. Documents refere...

CVSS 8.8 | AI score 8.4 | EPSS 0.00039
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2024/02/01 11:0 p.m. | 1 view

CVE-2023-36496 Delegated Admin Virtual Attribute Provider Privilege Escalation

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server...

CVSS 7.7 | AI score 6.9 | EPSS 0.00039
Exploits: 0 | References: 3
Cvelist
added 2024/02/01 11:0 p.m. | 13 views

CVE-2023-36496 Delegated Admin Virtual Attribute Provider Privilege Escalation

Delegated Admin Privilege virtual attribute provider plugin, when enabled, allows an authenticated user to elevate their permissions in the Directory Server...

CVSS 7.7 | AI score 8.8 | EPSS 0.00039
Exploits: 0 | References: 3
RedHat Linux
added 2022/04/19 3:50 p.m. | 1 view

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 4
Tenable Nessus
added 2022/04/19 12:0 a.m. | 33 views

RHEL 8 : 389-ds:1.4 (RHSA-2022:1410)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1410 advisory. 389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00342
Exploits: 0 | References: 8
RedHat Linux
added 2022/03/16 3:22 p.m. | 2 views

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 4
RedHat Linux
added 2022/03/15 9:58 a.m. | 3 views

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 4
RedHat Linux
added 2022/02/22 5:4 p.m. | 2 views

389-ds-base: double free of the virtual attribute context in persistent search

A double free was found in the way 389-ds-base handles virtual attributes context in persistent searches. An attacker could send a series of search requests, forcing the server to behave unexpectedly, and crash...

CVSS 7.5 | AI score 5.8 | EPSS 0.00342
Exploits: 0 | References: 4
CNNVD
added 2022/01/27 12:0 a.m. | 2 views

389-ds-base resource management error vulnerability

389-ds-base is a highly available, fully featured, reliable and secure LDAP server implementation. It handles many of the largest LDAP deployments in the world. A resource management error vulnerability exists in 389-ds-base that stems from. A re-release issue was discovered in the way 389-ds-bas...

CVSS 7.5 | AI score 6.8 | EPSS 0.00342
Exploits: 0 | References: 19