Cross-site Scripting (XSS)

Overview cyberchef is a simple, intuitive web app for carrying out all manner of "cyber" operations within a web browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ShowBase64Offsets.mjs. An attacker can execute arbitrary JavaScript code in the context of...

CVE-2026-37750

A reflected Cross-Site Scripting XSS vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php...

CVE-2026-7337

A type confusion flaw was found in the V8 component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500880819...

PT-2026-36905

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.32 n8n versions prior to 2.17.4 n8n versions prior to 2.18.1 Description An unauthenticated attacker can register a malicious MCP OAuth client using a crafted client name. If a victim user authorizes the OAuth conse...

PT-2026-36196

Name of the Vulnerable Software and Affected Versions Exim versions prior to 4.99.2 Description An out-of-bounds heap write can occur when JSON lookup is enabled. This happens when a JSON operator encounters malformed JSON in an untrusted header due to an incorrect implementation of backslash...

Joern 4.0.529

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

FreeBSD : Mozilla -- Invalid pointer (671af4b2-4305-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 671af4b2-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2013588 reports: Invalid pointer in the JavaScript:...

FreeBSD : Mozilla -- Other issue in the JavaScript Engine component (58a378c8-430a-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 58a378c8-430a-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2023343 reports: Other issue in the JavaScript Engine...

PT-2026-35951

Name of the Vulnerable Software and Affected Versions Helpy version 2.8.0 Description A stored cross-site scripting issue exists in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of...

AlmaLinux 8 : firefox (ALSA-2026:10766)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2026:10766 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScrip...

FreeBSD : Mozilla -- Use-after-free (5ef5236d-4305-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ef5236d-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2027541 reports: Use-after-free in the JavaScript Engine...

FreeBSD : Mozilla -- Use-after-free (6a439169-4305-11f1-a627-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6a439169-4305-11f1-a627-b42e991fc52e advisory. https://bugzilla.mozilla.org/showbug.cgi?id=2013619 reports: Use-after-free in the JavaScript:...

PT-2026-37180

Name of the Vulnerable Software and Affected Versions Icinga Web versions prior to 0.13.1 Description An issue allows an attacker to inject malicious Javascript into a victim's browser to execute it within the context of Icinga Web. This occurs when a victim visits a specifically prepared website...

CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

CVE-2026-7337

CVE-2026-7337 describes a type confusion in V8 affecting Google Chrome prior to version 147.0.7727.138 . The issue enables a remote attacker to execute arbitrary code inside the browser sandbox via a crafted HTML page. Affected product: Google Chrome (all supported platforms); root cause: Type Co...

CVE-2026-7337

Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. CVE-2026-6747: Use-after-free in the WebRTC component. CVE-2026-6748: Uninitialized memory i...

SUSE-SU-2026:1650-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: - CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. - CVE-2026-6747: Use-after-free in the WebRTC component. - CVE-2026-6748: Uninitialized...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issue: Update to Firefox Extended Support Release 140.10.0 ESR bsc1262230, MFSA 2026-32: CVE-2026-6746: Use-after-free in the DOM: Core & HTML component. CVE-2026-6747: Use-after-free in the WebRTC component. CVE-2026-6748: Uninitialized memory i...