Security Vulnerabilities
Stored cross-site scripting (XSS, CWE-79) in the survey content and administration functionality in Data Illusion Zumbrunn NGSurvey Enterprise Edition 3.6.4 on all supported platforms (
on Windows and Linux servers ) allows authenticated remote users with survey creation or edit privileges to execute arbitrary JavaScript in other users’ browsers, steal session information and perform unauthorized actions on their behalf via crafted survey content that is rendered without proper output encoding.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-01-07
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.0
Published
2026-01-07
A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
CVSS Score
2.4
EPSS Score
0.0
Published
2026-01-07
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2026-01-07
Memory corruption while passing pages to DSP with an unaligned starting address.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory corruption when accessing resources in kernel driver.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Memory corruption when copying overlapping buffers during memory operations due to incorrect offset calculations.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
Transient DOS while parsing a WLAN management frame with a Vendor Specific Information Element.
CVSS Score
6.5
EPSS Score
0.0
Published
2026-01-07
Memory corruption occurs when a secure application is launched on a device with insufficient memory.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-01-07
The Uniffle HTTP client is configured to trust all SSL certificates and
disables hostname verification by default. This insecure configuration
exposes all REST API communication between the Uniffle CLI/client and the
Uniffle Coordinator service to potential Man-in-the-Middle (MITM) attacks.
This issue affects all versions from before 0.10.0.
Users are recommended to upgrade to version 0.10.0, which fixes the issue.
CVSS Score
9.1
EPSS Score
0.001
Published
2026-01-07