58794 matches found
CVE-2026-41456 Bludit CMS Reflected XSS via Search Plugin
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the /index.php/Speciaal:GefacetteerdZoeken parameter. An attacker can execute arbitrary JavaScript in a victim's browser by crafting a malicious URL and tricking the user into visiting it, potentially leadin...
CVE-2026-35451
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
CVE-2026-35451 Twenty: Stored XSS via BlockNote FileBlock
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
EUVD-2026-24161
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
CVE-2026-35451
CVE-2026-35451 affects the Twenty open source CRM, specifically the BlockNote editor. Before version 1.20.6 there is a Stored XSS in the FileBlock component: an attacker can inject a javascript: URI into the url property of a file block due to lack of protocol validation and insufficient server-s...
CVE-2026-35451
Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting XSS vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock component and insufficient server-side inspection of block content, an attacker can inject a javascript: U...
EUVD-2026-24120
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150...
EUVD-2026-24095
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, and Firefox ESR 140.10...
EUVD-2026-24099
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150...
EUVD-2026-24098
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Firefox ESR 140.10...
CVE-2026-6779
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6757
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
CVE-2026-6754
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
CVE-2026-6779
Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
CVE-2026-6757
Invalid pointer in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
UBUNTU-CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...
UBUNTU-CVE-2026-6754
Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...
CVE-2026-6758
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150...