44463 matches found
CVE-2026-15107
CVE-2026-15107 describes a use-after-free in IndexedDB in Google Chrome, exploitable via a crafted HTML page to execute arbitrary code inside Chrome’s sandbox. Affected software is Chrome prior to version 150.0.7871.115; the vulnerability is triggered through IndexedDB operations in the browser. ...
CVE-2026-15120
CVE-2026-15120 : Use-after-free in Chrome on Windows (Core) prior to 150.0.7871.115 allows a compromised renderer to potentially escape sandbox via a crafted HTML page. Affected: Google Chrome (Windows); Root cause: use-after-free in Core. Impact: sandbox escape potential as described; Exploitati...
CVE-2026-59723
Cline is an autonomous coding agent as an SDK, IDE extension, or CLI assistant. Prior to 3.0.30, the Cline Hub dashboard server launched by the cline dashboard command accepts WebSocket connections on the /browser endpoint without validating the Origin header, and when ROOMSECRET is unset for loc...
CVE-2026-59723
The CVE-2026-59723 vulnerability affects the Cline Hub dashboard (the /browser WebSocket endpoint). Before version 3.0.30, the dashboard server did not validate the Origin header for WebSocket connections, and when ROOM_SECRET is unset on local 127.0.0.1, isAuthorizedBrowserRequest() could be abu...
EUVD-2026-42402
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.7 before 18.11.7, 19.0 before 19.0.4, and 19.1 before 19.1.2 that under certain conditions could have allowed an authenticated user to execute arbitrary scripts in another user's browser session due to improper...
EUVD-2026-42272
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...
CVE-2026-55668 File Browser: ScopedFs follows a dangling symlink on write, letting a scoped user create files outside their scope
File Browser provides a web file managing interface. Prior to 2.63.16, ScopedFs validates the nearest existing ancestor of a dangling symlink as in scope and then follows the symlink during file creation, allowing an authenticated user with Create and Modify permissions to create...
CVE-2026-55668
The CVE affects File Browser’s ScopedFs component prior to version 2.63.16. An authenticated user with Create and Modify permissions can trigger ScopedFs to validate the nearest existing ancestor of a dangling symlink and then follow the symlink during file creation, allowing attacker‑controlled ...
mooSocial 3.1.8 - Reflected XSS
A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. id: CVE-2023-4173 info: name: mooSocial 3.1.8 - Reflected XSS author: momika233 severity: medium description: | A vulnerability, which was...
Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cross-site scripting vulnerability on the loadframe page. id: CVE-2021-37416 info: name: Zoho ManageEngine ADSelfService Plus 6103 to mitigate this vulnerability. reference: -...
WordPress Events Calendar <1.4.5 - Cross-Site Scripting
WordPress Events Calendar plugin before 1.4.5 contains multiple cross-site scripting vulnerabilities. The plugin does not sanitize and escape a parameter before outputting it back in the page. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the...
Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...
Atlassian Jira Confluence - Cross-Site Scripting
Atlassian Jira Confluence before version 7.6.6, from version 7.7.0 before version 7.7.4, from version 7.8.0 before version 7.8.4, and from version 7.9.0 before version 7.9.2, allows remote attackers to inject arbitrary HTML or JavaScript via a cross-site scripting vulnerability in the error messa...
EyouCms v1.6.2 - Cross-Site Scripting
EyouCms v1.6.2 was discovered to contain a reflected cross-site scripting XSS vulnerability via the component /admin/twitter.php?activet. id: CVE-2023-41597 info: name: EyouCms v1.6.2 - Cross-Site Scripting author: ritikchaddha severity: medium description: | EyouCms v1.6.2 was discovered to...
Extreme Management Center 8.4.1.24 - Cross-Site Scripting
Extreme Management Center 8.4.1.24 contains a cross-site scripting vulnerability via a parameter in a GET request. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...
WordPress Watu Quiz <3.3.9.1 - Cross-Site Scripting
WordPress Watu Quiz plugin before 3.3.9.1 is susceptible to cross-site scripting. The plugin does not sanitize and escape some parameters, such as email, dn, date, and points, before outputting then back in a page. An attacker can inject arbitrary script in the browser of an unsuspecting user in...
Combodo iTop <2.2.0-2459 - Cross-Site Scripting
Combodo iTop before 2.2.0-2459 contains a cross-site scripting vulnerability in application/dashboard.class.inc.php which allows remote attackers to inject arbitrary web script or HTML via a dashboard title. id: CVE-2015-6544 info: name: Combodo iTop 2.2.0-2459 - Cross-Site Scripting author:...
SmarterTools SmarterTrack - Cross-Site Scripting
Cross-site Scripting XSS vulnerability in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. id: CVE-2022-24384 info: name: SmarterTools SmarterTrack - Cross-Site Scripting author: E1A severity: medium description: | Cross-site Scripting XSS vulnerability in...
Microweber < 1.2.17 - Cross-Site Scripting
Cross-site Scripting XSS vulnerability in the /demo/editortools/module endpoint via the 'type' parameter. id: CVE-2022-2130 info: name: Microweber 1.2.17 - Cross-Site Scripting author: ritikchaddha severity: medium description: | Cross-site Scripting XSS vulnerability in the...
Mitel ShoreTel 19.46.1802.0 Devices - Cross-Site Scripting
Mitel ShoreTel 19.46.1802.0 devices and their conference component are vulnerable to an unauthenticated attacker conducting reflected cross-site scripting attacks via the PATHINFO variable to index.php due to insufficient validation for the timezone object in the HOMEMEETING& page. id:...