CVE-2026-0776

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-0788 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

CVE-2026-0788 ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability

ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...

(0Day) Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the discordrpc module...

FreeBPX 17.0.x < 17.0.23 Authentication Bypass

According to its self-reported version number, the FreePBOX application running on the remote host is prior to 16.0.44 or 17.x prior to 17.0.23. It is, therefore, affected by an authentication bypass when providing an Authorization header with an arbitrary value, a session is associated with the...

Alibaba Cloud Workspace Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Alibaba Cloud Workspace Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

CVE-2025-59983

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...

CVE-2025-59994

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

CVE-2025-59997

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's...

EUVD-2025-33369

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlets pages that, when visited by another user, enable the attacker to execute commands with the target's...

EUVD-2025-33361

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the CLI Configlet page that, when visited by another user, enables the attacker to execute commands with the target's...

EUVD-2025-33379

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

EUVD-2025-33367

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the API Access Profiles page that, when visited by another user, enables the attacker to execute commands with the target...

EUVD-2025-33372

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...

EUVD-2025-33365

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...

EUVD-2025-33370

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target'...

CVE-2025-59990

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the template creation pages that, when visited by another user, enable the attacker to execute commands with the target's...

CVE-2025-59992

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Secure Console page that, when visited by another user, enables the attacker to execute commands with the target's...

CVE-2025-59988

An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's...