EUVD-2026-34804

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

CVE-2026-21032

CVE-2026-21032 concerns Samsung Assistant's SmartHomeWidgetReceiver where improper export of Android app components allows a local attacker to execute arbitrary script. Affected software: Samsung Assistant prior to version 9.3.14 (the vulnerable component is SmartHomeWidgetReceiver). Root cause: ...

CVE-2026-21032

Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script...

Kali-setup

🛠️ kali-setup A single bash script that pulls in the 20 most-...

BIT-AUTHENTIK-2026-42849 authentik: Reflected XSS in SFE AutosubmitStage allows IDP account takeover

authentik is an open-source identity provider. Prior to versions 2025.12.5 and 2026.2.3, due to the implementation of stages in the SFE Simple Flow Executor in order to make the interface more compatible with legacy browsers, it was possible to use an XSS exploit in the AutosubmitStage. This issu...

[SECURITY] Fedora 44 Update: perl-Dist-Build-0.028-1.fc44

Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is extensible, unlike Module::Build it uses a build graph internally which makes it easy to combine different customizations. It's typically extended by adding a .pl script in planner/...

[SECURITY] Fedora 43 Update: perl-Dist-Build-0.028-1.fc43

Dist::Build is a Build.PL implementation. Unlike Module::Build::Tiny it is extensible, unlike Module::Build it uses a build graph internally which makes it easy to combine different customizations. It's typically extended by adding a .pl script in planner/...

Fortinet FortiOS <=5.2.3 - Cross-Site Scripting

Fortinet FortiOS 5.2.x before 5.2.3 contains a cross-site scripting vulnerability in the SSL VPN login page which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. id: CVE-2015-1880 info: name: Fortinet FortiOS =5.2.3 - Cross-Site Scripting author: pikpikcu...

EUVD-2026-34734

Insufficient validation of untrusted input in Omnibox in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-34666

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML UXSS via a crafted QR code. Chromium security severity: Medium...

EUVD-2026-34647

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34611

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34627

Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34583

Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

EUVD-2026-34510

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. Chromium security severity: Medium...

EUVD-2026-34483

Insufficient validation of untrusted input in Tab Group Sync in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via malicious network traffic. Chromium security severity: Medium...

EUVD-2026-34377

Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

EUVD-2026-34365

Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...

Linux Distros Unpatched Vulnerability : CVE-2026-10928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Script injection in Headless in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium...

EUVD-2026-34845

Multiple reflected Cross-Site Scripting XSS vulnerabilities in damasac thaipalliativelte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter line 24, the id parameter lines 25, 75, and the ptidkey parameter lines 26, 42 in...