Threats Tagged 'cwe-74'
View all threats tagged with 'cwe-74'. Filter and sort to focus on specific types of threats.
CVE-2026-12888: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Thinkst Applied Research Canarytokens
An HTML injection vulnerability exists in the Google Chat webhook notification sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation in Google Chat. An attacker can insert limited HTML content including links. This issue affects Canarytokens: from Docker tag sha-4aef1db90 before sha-8ab4dccd, from Git commit 4aef1db90 before 8ab4dccd.
CVE Database V5 | 06/22/2026, 13:05:53 UTC | Added: 06/22/2026, 13:54:17 UTC

CVE-2025-27511: CWE-502: Deserialization of Untrusted Data in geoserver org.geoserver.extension:gs-db2
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to version 2.27.0 of the GeoServer DB2 DataStore Extension, an administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Version 2.27.0 fixes the issue.
CVE Database V5 | 06/18/2026, 14:23:01 UTC | Added: 06/18/2026, 15:20:12 UTC

CVE-2026-50107: CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in F5 NGINX Gateway Fabric
When NGINX Plus or NGINX Open Source is configured as the data plane for NGINX Gateway Fabric, an injection vulnerability exists in the NGINX configuration generator component of NGINX Gateway Fabric. User-supplied string values from the NginxProxy Custom Resource Definition (CRD) access log format setting are rendered directly into NGINX configuration templates without sanitization or escaping. An authenticated attacker with permission to create or modify these CRDs may craft values that inject arbitrary NGINX configuration directives. This is a control plane issue; there is no data plane exposure from the vulnerability trigger itself. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE Database V5 | 06/17/2026, 20:04:44 UTC | Added: 06/17/2026, 20:20:42 UTC

CVE-2026-11859: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Thinkst Applied Research Canarytokens
CVE-2026-11859 is an HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens. This vulnerability allows interface manipulation and cross-site scripting (XSS) in email clients that render HTML emails. It affects Canarytokens versions from Docker tag sha-c0f3cf142 before sha-08c3f93d and Git commit c0f3cf142 before 08c3f93d. The vulnerability has a low severity score and no known exploits in the wild.
CVE Database V5 | 06/10/2026, 11:35:14 UTC | Added: 06/10/2026, 12:13:03 UTC

CVE-2026-46546: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in frappe lms
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to an attacker-chosen URL. This issue has been patched in version 2.53.0.
CVE Database V5 | 06/09/2026, 23:54:06 UTC | Added: 06/10/2026, 00:25:44 UTC

CVE-2026-47634: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Microsoft Microsoft SharePoint Server 2019
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.
CVE Database V5 | 06/09/2026, 17:05:48 UTC | Added: 06/09/2026, 17:27:12 UTC

CVE-2026-42835: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Microsoft Microsoft Teams for Android
Improper neutralization of special elements in output used by a downstream component ('injection') in Microsoft Teams for Android allows an authorized attacker to disclose information over a network.
CVE Database V5 | 06/09/2026, 17:05:20 UTC | Added: 06/09/2026, 17:26:24 UTC

CVE-2026-8795: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Rapid7 Velociraptor
CVE-2026-8795 is a YAML injection vulnerability in Rapid7 Velociraptor versions before 0.76.6. It arises from improper escaping of the hostname field in a YAML template, allowing crafted input to inject arbitrary VQL code. This can lead to execution of commands with full permissions on the analyst's machine when applying remapping files.
CVE Database V5 | 06/09/2026, 01:04:21 UTC | Added: 06/09/2026, 01:18:40 UTC

Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update (CVE-2025-13462)
This update includes the following RPMs:
python3.12:
* python3.12-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-debug-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-devel-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-idle-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-libs-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-test-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-tkinter-3.12.13-3.1.hum1 (aarch64, x86_64)
* python3.12-3.12.13-3.1.hum1.src (src)
Security Fix(es):
python3.12:
* CVE-2025-13462
* CVE-2026-3446
* CVE-2026-3479
GCVE Database | 04/23/2026, 11:34:58 UTC | Added: 06/05/2026, 21:31:41 UTC

CVE-2026-47644: CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in Microsoft Copilot Chat (Microsoft Edge)
Improper neutralization of special elements in output used by a downstream component ('injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network.
CVE Database V5 | 06/04/2026, 22:00:52 UTC | Added: 06/04/2026, 22:48:37 UTC

Showing 1 to 10 of 14 results