139 matches found

Vulnrichment
added 2026/01/21 9:18 p.m. | 4 views

CVE-2026-22808 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

CVSS 5.5 | AI score 5.5 | EPSS 0.00209
Exploits 0 | References 1

CVE
added 2026/01/21 9:18 p.m. | 14 views

CVE-2026-22808

CVE-2026-22808 describes a Cross-site Scripting (XSS) vulnerability in Fleet Windows MDM endpoint (fleetdm/fleet). If Windows MDM is enabled, an unauthenticated attacker could trigger XSS to steal the Fleet administrator token (FLEET::auth_token) from localStorage, potentially enabling unauthoriz...

CVSS 5.5 | AI score 5.5 | EPSS 0.00209
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/01/21 9:18 p.m. | 2 views

CVE-2026-22808

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

CVSS 5.5 | AI score 5.3 | EPSS 0.00209
Exploits 0 | References 2 | Affected Software 1

CVE
added 2025/12/29 12:0 a.m. | 14 views

CVE-2025-65442

CVE-2025-65442 describes a DOM-based XSS in the 201206030 novel system version 3.5.0. The root cause is insufficient validation/encoding of user-controllable data in the book_comment module: unfiltered input is stored in the database (book_comment.commentContent) and later rendered into the page ...

CVSS 6.1 | AI score 5.5 | EPSS 0.00291
Exploits 1 | References 3 | Affected Software 1

RedhatCVE
added 2025/11/19 1:22 p.m. | 2 views

CVE-2025-56527

Plaintext password storage in Kotaemon 0.11.0 in the client's localStorage...

CVSS 7.5 | AI score 7 | EPSS 0.00372
Exploits 1 | References 1

EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2015-6696

Malware in sbrugna...

CVSS 5 | AI score 9.3 | EPSS 0.01415
Exploits 0 | References 16

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-2408

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 5.9 | EPSS 0.0075
Exploits 1 | References 9

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2024-40455

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.3 | EPSS 0.00346
Exploits 0 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-24079

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.6 | EPSS 0.00465
Exploits 1 | References 4

Microsoft CVE
added 2025/09/03 11:8 p.m. | 2 views

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

...

CVSS 6.5 | AI score 7 | EPSS 0.0048
Exploits 0

RedhatCVE
added 2025/08/24 12:13 a.m. | 3 views

CVE-2025-50733

NextChat contains a cross-site scripting (XSS) vulnerability in the HTMLPreview component of artifacts.tsx that allows attackers to execute arbitrary JavaScript code when HTML content is rendered in the AI chat interface. The vulnerability occurs because user-influenced HTML from AI responses is...

CVSS 6.1 | AI score 5.8 | EPSS 0.00188
Exploits 0 | References 1

RedhatCVE
added 2025/08/12 6:36 a.m. | 10 views

CVE-2025-8797

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 7 | EPSS 0.00465
Exploits 1 | References 1

OSV
added 2025/08/10 7:15 a.m. | 2 views

CVE-2025-8797

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 5.3 | EPSS 0.00465
Exploits 1 | References 4

NVD
added 2025/08/10 7:15 a.m. | 5 views

CVE-2025-8797

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 8.8 | EPSS 0.00465
Exploits 1 | References 4

Snyk
added 2025/08/10 6:41 a.m. | 2 views

Insecure Inherited Permissions

Overview: Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LocalStorage handler. An attacker can gain unauthorized access to sensitive information or modify data by exploiting improper permission enforcement in this component. Remediation: There is no fixed...

CVSS 8.8 | AI score 6.6 | EPSS 0.00465
Exploits 1 | References 2

Vulnrichment
added 2025/08/10 6:32 a.m. | 3 views

CVE-2025-8797 LitmusChaos Litmus LocalStorage permission

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 6.5 | AI score 6.9 | EPSS 0.00465
Exploits 1 | References 4

Cvelist
added 2025/08/10 6:32 a.m. | 10 views

CVE-2025-8797 LitmusChaos Litmus LocalStorage permission

A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the publi...

CVSS 6.5 | EPSS 0.00465
Exploits 1 | References 4

CVE
added 2025/08/10 6:32 a.m. | 21 views

CVE-2025-8797

LitmusChaos Litmus (versions up to 3.19.0) contains a vulnerability in the LocalStorage Handler that enables permission-related issues. The issue can be exploited remotely, and public PoCs/exploits have been disclosed. Several sources corroborate affected version range and remote-attack potential...

CVSS 8.8 | AI score 6.9 | EPSS 0.00465
Exploits 1 | References 4 | Affected Software 1

Snyk
added 2025/08/10 5:40 a.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the LocalStorage handler when manipulating the projectID argument. An attacker can gain unauthorized access to resources by providing a crafted value for this argument during local...

CVSS 7.8 | AI score 6.6 | EPSS 0.00218
Exploits 1 | References 2

OSV
added 2025/08/10 5:15 a.m. | 2 views

CVE-2025-8794

A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required t...

CVSS 7.8 | AI score 4.9 | EPSS 0.00218
Exploits 1 | References 4