PT-2026-1591
Name of the Vulnerable Software and Affected Versions: SVG Map Plugin for WordPress versions prior to 1.0.1. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...
PT-2026-1647
Name of the Vulnerable Software and Affected Versions: Frenify Arlo versions through 6.0.3. Description: A flaw exists in Frenify Arlo that allows for Reflected Cross-site Scripting (XSS). This issue arises from improper input validation during web page generation. The vulnerability could potentially...
PT-2026-1962
Name of the Vulnerable Software and Affected Versions: Devolutions PowerShell Universal versions prior to 4.5.6; Devolutions PowerShell Universal versions prior to 5.6.13. Description: A cross-site scripting issue exists in Devolutions PowerShell Universal. This allows for potential malicious code...
PT-2026-1571
Name of the Vulnerable Software and Affected Versions: Simple User Meta Editor versions prior to 1.0.1. Description: The Simple User Meta Editor plugin for WordPress has a flaw that allows an attacker to inject malicious web scripts into pages viewed by users. This is due to a lack of proper...
Linux Distros Unpatched Vulnerability: CVE-2026-0628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extensio...
CVE-2026-0628
Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: High...
CVE-2026-0628
CVE-2026-0628 involves insufficient policy enforcement in Chrome/Chromium WebView handling, allowing a user to be convinced to install a malicious extension that can inject scripts or HTML into a privileged page. Affected software is Chromium-based and prior to version 143.0.7499.192 (Chrome desk...
CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...
CVE-2020-36924
Sony BRAVIA Digital Signage 1.7.8 is affected by a remote file inclusion vulnerability in the content material URL parameter. The issue allows attackers to inject arbitrary client-side scripts, potentially hijacking user sessions, performing cross-site scripting, and altering display content by m...
CVE-2020-36924 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated Remote File Inclusion
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...
PT-2026-1549
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 143.0.7499.192. Description: Insufficient policy enforcement in the WebView tag allows a remote attacker to inject scripts or HTML into privileged pages via a crafted Chrome extension. This issue can be exploited ...
FIBARO System Home Center security vulnerability
FIBARO System Home Center is a series of smart home core central control hosts from the Polish company FIBARO. A security vulnerability exists in FIBARO System Home Center version 5.021, which stems from a remote file inclusion vulnerability in the undocumented proxy API that could lead to the...
PT-2026-1440
FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or...
PT-2026-1457
Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modif...
CVE-2025-12513 A user with elevated privileges can inject XSS in the Hosts configuration parameters page
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Centreon Infra Monitoring Hosts configuration form modules allows Stored XSS to users with high privileges. This issue affects Infra Monitoring: from 25.10.0 before 25.10.2, from 24.10.0...
CVE-2025-49346
Cross-Site Request Forgery (CSRF) vulnerability in peterwsterling Simple Archive Generator simple-archive-generator allows Stored XSS. This issue affects Simple Archive Generator: from n/a through = 5.2...
CVE-2025-49357 WordPress Audiomack plugin <= 1.4.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audiomack allows Stored XSS. This issue affects Audiomack: from n/a through 1.4.8...