CVE-2026-49294

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

CVE-2026-49294

Valhalla (open source routing engine) versions ≤ 3.6.3 are affected by a reflected XSS in the JSONP callback parameter. The input is reflected into the JavaScript response without validation or encoding, enabling an attacker to craft a URL whose callback contains arbitrary JavaScript. If a victim...

CVE-2026-49294 Valhalla has reflected XSS via unsanitized JSONP callback parameter

Valhalla is an open source routing engine and accompanying libraries for use with OpenStreetMap data. Versions 3.6.3 and prior are vulnerable to reflected cross-site scripting XSS due to improper neutralization of input in the JSONP callback parameter. When a request specifies a JSONP callback, t...

Europol Shuts Down Two Major Illegal 'Dark Web' Trading Platforms

Europol announced the shut down of two prolific dark web marketplaces—Wall Street Market and Silkkitie also known as Valhalla—in simultaneous global operations against underground websites for trading drugs, stolen credit card numbers, malicious software, and other illegal goods. Police in wester...