5 matches found
CVE-2026-8604
In ScadaBR version 1.2.0, a CSRF vulnerability could allow an attacker to trigger any authenticated action through a victim's session by luring any logged-in user to a malicious webpage...
CVE-2025-59991 Junos Space: Device Management pages are vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper filtering of repository URLs in the UI. An attacker can execute unauthorized API actions via the victim's session by injecting malicious JavaScript through crafted links. Details: Cross-site...
svelte Cross-Site Request Forgery Vulnerability
svelte is a new way to build web applications from Svelte Open Source. A security vulnerability exists in SvelteKit versions prior to 1.15.1, which stems from the protection being bypassable by specifying a different "Content-Type" header value. An attacker could exploit the vulnerability to perform...
UBUNTU-CVE-2021-39879
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor authentication...