Lucene search

4 matches found

RedhatCVE
added 2026/04/11 1:21 a.m. · 0 views

CVE-2026-35407

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...

6.5 CVSS · 5.7 AI score · 0.00013 EPSS
Exploits 0 · References 1
Apple
added 2026/03/24 12:0 a.m. · 15 views

About the security content of visionOS 26.4

This document describes the security content of visionOS 26.4. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

9.3 CVSS · 6.7 AI score · 0.00179 EPSS
Exploits 4 · References 1 · Affected Software 1
Positive Technologies
added 2025/05/07 12:0 a.m. · 3 views

PT-2025-20164 · Unknown · Ctltwp Wiki Embed

Name of the Vulnerable Software and Affected Versions: ctltwp Wiki Embed versions 1.4.6 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 1.4.6 and...

4.3 CVSS · 5.5 AI score · 0.00084 EPSS
Exploits 0 · References 3
HackerOne
added 2015/02/10 6:0 p.m. · 26 views

Mobile Vikings: Stored XSS in user name

In the previous report I showed XSS in the user name through a cookie; there is another place where this name is shown and the XSS fires. After sending the auth request, open https://mobilevikings.be/en/account/authorization/overview/ in the account that sent the request and press "Remove authorization", and you get another way to fire the XSS...

0.2 AI score
Exploits 0