BIT-GITLAB-2026-6335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...
CVE-2026-6335 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.3 that under certain conditions could have allowed an authenticated user to execute arbitrary code in another user's browser session due to improper sanitization...
CVE-2025-66486 Multiple vulnerabilities have been addressed in IBM Aspera Shares
IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site...
Siemens SIMATIC Improper Neutralization of Input During Web Page Generation (CVE-2025-40943)
Affected devices do not properly sanitize contents of trace files. This could allow an attacker to inject code through social engineering an authorized user, who has the function right Read diagnostics, to import a specially crafted trace file. The malicious trace file is insufficiently sanitized...
EUVD-2026-8851
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerName', in 'a3factura-app.wolterskluwer.es//incomes/salesInvoices' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2680 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es//incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2678
CVE-2026-2678 affects A3factura software with a Reflected XSS vulnerability in the web platform. The issue is triggered via the parameter 'name' in the endpoint a3factura-app.wolterskluwer.es/#/incomes/customers, allowing arbitrary script execution in a victim’s browser. CVSS 4.0 indicates a MEDI...
CVE-2026-2677 Multiple vulnerabilities in A3factura software
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'name', in 'a3factura-app.wolterskluwer.es//incomes/representatives-management' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
CVE-2026-2677
CVE-2026-2677 documents a reflected Cross-Site Scripting (XSS) vulnerability in the A3factura web platform. The issue occurs in the parameter 'name' for the endpoint a3factura-app.wolterskluwer.es/#/incomes/representatives-management, allowing an attacker to potentially execute arbitrary code in ...
PT-2026-22143
Reflected Cross-Site Scripting XSS on the A3factura web platform, in parameter 'customerVATNumber', in 'a3factura-app.wolterskluwer.es//incomes/salesDeliveryNotes' endpoint, which could allow an attacker to execute arbitrary code in the victim's browser...
PT-2026-21272
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...
CVE-2026-26357
Dell Unisphere for PowerMax, version(s) 9.2.4.x , contains an Improper Neutralization of Input During Web Page Generation (XSS) vulnerability. A low-privilege, remote attacker could exploit this to execute malicious HTML/JavaScript in a victim's browser within the context of the vulnerable web ap...
CVE-2025-67231
A reflected cross-site scripting XSS vulnerability in ToDesktop Builder v0.33.1 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload...
CVE-2026-22913
Improper handling of a URL parameter may allow attackers to execute code in a user's browser after login. This can lead to the extraction of sensitive data...
SICK TDC-X401GL has security vulnerabilities
The SICK TDC-X401GL is an edge computing gateway developed by the German company SICK. The SICK TDC-X401GL has a security vulnerability that stems from improper handling of URL parameters. This vulnerability could allow attackers to execute code in the browser after a user logs in...
Vulnerabilities fixed in GitLab
GitLab has fixed vulnerabilities in GitLab CE/EE. The fixed issues include the ability for authenticated users to abuse external API calls, which could lead to a Denial-of-Service. In addition, GraphQL allowed authenticated users to make unauthorized changes to projec...