CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

CVE-2026-34077

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33553

Northern.tech CFEngine Enterprise 3.24.3 before 3.24.4 and 3.27.0 before 3.27.1 allows XSS...

CVE-2026-30586

Cross Site Scripting vulnerability in usememos Memos v.0.26.0 allows a remote attacker to obtain sensitive information via the SANITIZESCHEMA, Memo Rendering Component, and Public/Private Memo View pages...

CVE-2026-5385

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

EUVD-2026-34006

An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. This issue affects glpi: before 11.0.7...

CVE-2026-5385

Summary : CVE-2026-5385 is a stored XSS in GLPI prior to 11.0.7. An unauthenticated user with write access to the knowledge base can store an XSS payload in a knowledge base item. Affected versions : GLPI before 11.0.7. Impact : authenticated? No — attacker needs knowledge-base write access; impa...

Cross-site Scripting (XSS)

Overview @react-router/dev is a Dev tools and CLI for React Router Affected versions of this package are vulnerable to Cross-site Scripting XSS due to the improper neutralization of the HTTP Location header value in redirect HTML prerendering when using Framework Mode. An attacker can execute...

Important: Red Hat Security Advisory: Red Hat Data Grid 8.6.1 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

[SECURITY] [DSA 6320-1] php-twig security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6320-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff June 02, 2026 https://www.debian.org/security/faq -...

CVE-2026-34077 React Router vulnerable to Denial of Service via reflected user input in single-fetch

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-34077

React Router upstream vulnerability CVE-2026-34077 affects versions 7.7.0–7.13.1 where, when using unstable React Server Components APIs, the RSC redirect handling can lead to a client-side XSS if redirects come from untrusted sources. The issue does not impact non-RSC applications. A fix is avai...

CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets

React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components RSC APIs, there is a potential client-side Cross-Site Scripting XSS vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not...

CVE-2026-33245

CVE-2026-33245 affects React Router versions 7.7.0–7.13.1 when using unstable React Server Components (RSC) APIs. The issue is a client-side XSS vulnerability in the RSC redirect handling if redirects originate from untrusted sources. Applications not using the unstable RSC APIs are not affected....

CVE-2026-33244 React Router has stored XSS via unescaped Location header in prerendered redirect HTML

React Router is a router for React. In versions 7.5.1 through 7.13.1, when using Framework Mode with pre-rendering enabled, improper neutralization of the HTTP Location header value can permit Cross-Site Scripting XSS in the statically generated HTML files if the redirect location comes from an...

CVE-2026-10245

A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this issue is the function createsupplier of the file /ShowForm/createsupplier/main. Executing a manipulation of the argument companyname can lead to cross site scripting. The attack can be launched...

CVE-2026-10246

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects the function createmedicinepresentation of the file /ShowForm/createmedicinepresentation/main. The manipulation of the argument medicinepresentation leads to cross site scripting. The attack may...

CVE-2026-30894

Lack of output escaping leads to a XSS vector in the content history component...

CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be...