15 matches found
CVE-2026-49294
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...
CVE-2026-49294 Valhalla has reflected XSS via unsanitized JSONP callback parameter
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...
EUVD-2026-36741
Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...
CVE-2026-49294
Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...
PT-2026-49261
Name of the Vulnerable Software and Affected Versions Valhalla versions prior to 3.6.4 Description Reflected cross-site scripting XSS occurs due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, the value is reflected directly into the...
This Week in Spring - September 9th, 2025
Hi, Spring fans! Welcome to another installment of This Week in Spring! I am home, ensconced in my studio here in somewhat sunny San Francisco, California, relaxing and trying to catch up on stuff I missed. As always, there's a ton! So let's dive right into it. Some of the amazing features that...
This Week in Spring - September 3rd, 2024
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's September 3rd, and I'm still buzzing from the last week's SpringOne extravaganza! Also: I'm tired. Last week was nuts. I'm super glad it happened, but I'm tired. And also buzzing. You know? Surely you don't. I hope not...
Fedora 38 : clamav (2024-92b8ac25a5)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-92b8ac25a5 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Fedora 40 : clamav (2024-34474f346b)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-34474f346b advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
Fedora 39 : clamav (2024-1a79c2ef63)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a79c2ef63 advisory. ClamAV 1.0.6 is a critical patch release with the following fixes: Updated select Rust dependencies to the latest versions. This resolved Cargo audit...
A Bootiful Podcast: José Paumard, Java Champion alumnus and Java legend, on Project Loom, Valhalla, and more, from Devnexus 2023!
Hi, Spring fans! Welcome to another installment of A Bootiful Podcast. In this installment I'll talk to legendary Oracle Java Champion alumnus, Java advocate, professor emeritus, and all around amiable fellow José Paumard, recorded at the amazing Devnexus 2023 event! José's English-language Youtu...
DeepDotWeb, Wall St and Valhalla markets seized by authorities
By Uzair Amir Arrests have been made in Israel, Europe, Brazil, and the United States. The popular dark web news and index website DeepDotWeb DDW has been seized by the Federal Bureau of Investigation FBI. Those visiting the website can see a message left by the FBI on its homepage stating that...
Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms
Europol announced the shut down of two prolific dark web marketplaces—Wall Street Market and Silkkitie also known as Valhalla—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in wester...
valhallaschools.org XSS vulnerability
Vulnerable URL: http://valhallaschools.org/apps/search/index.jsp Details: Description| Value ---|--- Patched:| No Latest check for patch:| 31.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1015510 VIP website status:| No Coordinated Disclosure Timeline:...
Valhalla Lost - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Valhalla Lost published at the 'play' market has multiple vulnerabilities...