
22 matches found

NVD
added yesterday · 7 views

CVE-2026-54221

UBB.threads is vulnerable to Reflected XSS. The application improperly handles user input in certain requests, enabling attackers to execute arbitrary JavaScript in the context of a victim's browser by tricking them into clicking a crafted link. Because vendor contact attempts were unsuccessful,...

5.1 CVSS
Exploits 0 · References 2

The Hacker News
added 2026/06/09 9:50 a.m. · 12 views

New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST, needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...

5.6 AI score
Exploits 0

RedhatCVE
added 2026/04/30 8:48 p.m. · 4 views

CVE-2026-35569

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields SEO Title and Meta Description, where user-controlled input is rendered without proper output encoding into HTML contexts includin...

8.7 CVSS · 5.4 AI score · 0.00298 EPSS
Exploits 1 · References 1

UbuntuCve
added 2026/04/24 6:16 p.m. · 1 view

CVE-2026-42041

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution to silently suppress all HTTP error responses (401, 403, 500, etc.), causing them to be...

6.5 CVSS · 5.8 AI score · 0.00289 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2026/04/22 4:04 p.m. · 1 view

CVE-2026-5816

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScript in a user's browser session due to improper path validation under certain conditions...

8 CVSS · 6.1 AI score · 0.00407 EPSS
Exploits 0 · References 4 · Affected Software 1

Snyk
added 2026/03/04 9:45 p.m. · 4 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...

9.3 CVSS · 7.3 AI score · 0.00625 EPSS
Exploits 1 · References 2

Positive Technologies
added 2025/10/14 12:00 a.m. · 1 view

PT-2025-42183

Stored Cross-Site Scripting (XSS) in Perfex CRM chatbot before 3.3.1 allows attackers to inject arbitrary HTML/JavaScript. The payload is executed in the browsers of users viewing the chat, resulting in client-side code execution, potential session token theft, and other malicious actions. A...

5.4 CVSS · 5.8 AI score · 0.00461 EPSS
Exploits 3 · References 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2012-4613

Malware in sbrugna...

7.5 CVSS · 6.4 AI score · 0.01646 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/18 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2013-6668

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service...

7.5 CVSS · 7.5 AI score · 0.05384 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/08/14 3:49 p.m. · 10 views

CVE-2025-54800

Hydra is a continuous integration service for Nix based projects. Prior to commit dea1e16, a malicious package can introduce arbitrary JavaScript code into the Hydra database that is automatically evaluated in a client's browser when anyone visits the build page. This could be done by a third-par...

7.1 CVSS · 7.3 AI score · 0.00188 EPSS
Exploits 0 · References 1

Snyk
added 2025/02/03 3:39 p.m. · 1 view

Cross-site Scripting (XSS)

Overview: phpoffice/phpspreadsheet is a Spreadsheet engine that Read, Create and Write Spreadsheet documents in PHP. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the generateRow method. An attacker can execute arbitrary JavaScript code in the user's browser...

5.4 CVSS · 5.5 AI score · 0.00387 EPSS
Exploits 0 · References 2

CNNVD
added 2023/09/13 12:00 a.m. · 2 views

Proofpoint Insider Threat Management Cross-Site Scripting Vulnerability

Proofpoint Insider Threat Management (Proofpoint ITM) is an insider threat management system from Proofpoint Corporation. A cross-site scripting vulnerability exists in Proofpoint Insider Threat Management versions prior to 7.14.3.69, which stems from the presence of a Reflected Cross-Site Scriptin...

4.8 CVSS · 5.5 AI score · 0.003 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/05/03 12:00 a.m. · 2 views

PT-2023-20332 · Opentsdb · Opentsdb

Name of the Vulnerable Software and Affected Versions: OpenTSDB (affected versions not specified). Description: The issue is caused by insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint. This allows an attacker to inject and execut...

8.2 CVSS · 6.1 AI score · 0.00904 EPSS
Exploits 0 · References 7

CNNVD
added 2022/12/14 12:00 a.m. · 4 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...

5.4 CVSS · 6.1 AI score · 0.00708 EPSS
Exploits 0 · References 3

Gitee
added 2021/05/30 10:01 a.m. · 6 views

Exploit for Injection in Google Android

This is a full exploit for CVE-2016-6754, also known as BadKernel. The exploit is proof-of-concept (PoC) code that demonstrates a vulnerability in the Linux kernel. The code is written in JavaScript and is intended to be used for educational purposes only. The exploit targets a vulnerability in t...

8.8 CVSS · 7.6 AI score · 0.04587 EPSS
Exploits 3

BDU FSTEC
added 2020/12/18 12:00 a.m. · 1 view

The vulnerability of the Adobe Experience Manager content and media management system, related to information disclosure, allows a perpetrator to gain access to protected information.

The vulnerability of the Adobe Experience Manager content and media management system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the browser and gain access to protected information...

7.8 CVSS · 7.6 AI score · 0.03751 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2020/03/12 12:00 a.m. · 3 views

Abacus OAuth Login Cross-Site Scripting Vulnerability

Abacus OAuth Login is a single sign-on software from Abacus Switzerland. A cross-site scripting vulnerability exists in oauth/oauth2/v1/saml/ in version 201901r4201910210000 prior to Abacus OAuth Login R4 20.11.2019 Hotfix, which can be exploited by an attacker to execute JavaScript code in a...

6.1 CVSS · 6.4 AI score · 0.00724 EPSS
Exploits 1 · References 1

CNVD
added 2020/01/13 12:00 a.m. · 4 views

Multiple vendor based Broadcom cable modems buffer overflow vulnerability

Sagemcom F@st 5260, Sagemcom F@st 3890, etc. are routers. Technicolor TC7230 STEB is a wireless router. A buffer overflow vulnerability exists in Broadcom cable modems based on multiple vendors. A remote attacker could execute arbitrary code in the kernel via JavaScript running in the victim's...

9.3 CVSS · 8.1 AI score · 0.22924 EPSS
Exploits 3 · References 1

CNVD
added 2019/01/15 12:00 a.m. · 2 views

AudioCodes 400HD Cross-Site Scripting Vulnerability

AudioCodes 400HD is a 400HD series IP phone product from AudioCodes Israel. A cross-site scripting vulnerability exists in AudioCodes 400HD, which can be exploited by remote attackers to execute JavaScript code in a user's browser...

4.8 CVSS · 6.6 AI score · 0.00787 EPSS
Exploits 3 · References 1

Tenable Nessus
added 2018/01/08 12:00 a.m. · 14 views

FreeBSD : mozilla -- Speculative execution side-channel attack (8429711b-76ca-474e-94a0-6b980f1e2d47)

Mozilla Foundation reports: Jann Horn of Google Project Zero Security reported that speculative execution performed by modern CPUs could leak information through a timing side-channel attack. Microsoft Vulnerability Research extended this attack to browser JavaScript engines and demonstrated tha...

5.4 AI score
Exploits 0 · References 2