58662 matches found
CVE-2026-5752
CVE-2026-5752 affects the Terrarium sandbox (Python-based, Pyodide/WebAssembly) used inside a container. The root cause is JavaScript prototype chain traversal that lets sandboxed code reach host environment, enabling arbitrary code execution as root within the container and potential access to s...
CVE-2026-21331
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a user is convinced to visit a URL referencing a vulnerable page, malicious JavaScript may execute in the victim’s browser. This is a user-interaction–required, network-based ...
CVE-2026-21331 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2026-27245 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...
CVE-2026-34614
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser...
CVE-2026-27245 Adobe Connect | Cross-site Scripting (Reflected XSS) (CWE-79)
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...
CVE-2026-27243
Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session...
Cross-site Scripting (XSS)
Overview org.webjars.npm:leaflet is a JavaScript library for mobile-friendly interactive maps Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bindPopup method. An attacker can execute arbitrary JavaScript code in the context of a user's browser session by...
Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
GHSA-M32F-8VH9-2HH3 Keycloak: Arbitrary code execution via Stored Cross-Site Scripting (XSS) in organization selection login page
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
EUVD-2025-209449
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
CVE-2026-37980
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
DEBIAN-CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
CVE-2025-69993
Leaflet versions up to and including 1.9.4 are vulnerable to Cross-Site Scripting XSS via the bindPopup method. This method renders user-supplied input as raw HTML without sanitization, allowing attackers to inject arbitrary JavaScript code through event handler attributes e.g., . When a victim...
CVE-2026-37980
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
CVE-2026-37980
CVE-2026-37980 affects Keycloak, specifically the organization selection login page. The vulnerability arises because the organization.alias is inserted into an inline JavaScript onclick handler, enabling a remote attacker with manage-realm or manage-organizations privileges to trigger a Stored X...
CVE-2026-37980 Org.keycloak.forms.login: keycloak: keycloak: arbitrary code execution via stored cross-site scripting (xss) in organization selection login page
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
[R3] Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities
R3 Tenable Identity Exposure Version 3.77.17 Fixes Multiple Vulnerabilities Aaron Roy Tue, 04/14/2026 - 10:54 Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components .NET Windows Server Hosting, NodeJS, Erlang OTP, S...
CVE-2026-37980
A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with manage-realm or manage-organizations administrative privileges can exploit a Stored Cross-Site Scripting XSS vulnerability. This flaw occurs because the organization.alias is placed into an...
darksword-Exploit
🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...