Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting

The Beautiful Cookie Consent Banner for WordPress is vulnerable to Stored Cross-Site Scripting via the 'nscbarcontenthref' parameter in versions up to, and including, 2.10.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Ironic Standalone Operator's controller modifies user-owned resources without consent

Impact The Ironic Standalone Operator IRSO is the operator to maintain an Ironic deployment for Metal3. IRSO controller automatically adds its environment label to user-provided Secrets and ConfigMaps without the resource owner's consent. A high-privilege controller modifying user-owned resources...

Malicious code in shizukyu (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 31c8d6ffda18d74aa3d25ab3804e721a72dc385d89f2742d7c9e967919b27449 The package exports a single function shizukuChsocket that accepts a caller's authenticated Baileys WhatsApp socket and invokes...

MAL-2026-4753 Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide.pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...

Malicious code in gt-tester-exp-profiler-exp-00000017 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f1490f970bd52c80c89f33029f9e875f1fb595014621d50e0ce87a167d1cd348 setup.py installs a site-wide.pth file gttesterexpprofilerexp00000017probe.pth into site-packages that imports the package's probe module and calls...

Malicious code in acc-document-editing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c82ee7b879d66ba2fb79ec7ad7fee47623c2c3b68c8a925510b1f42cd1e3456 The DocumentEditor React component exported by this package, when an end-user opens a.doc file, POSTs the raw file bytes to...

MAL-2026-4474 Malicious code in acc-document-editing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c82ee7b879d66ba2fb79ec7ad7fee47623c2c3b68c8a925510b1f42cd1e3456 The DocumentEditor React component exported by this package, when an end-user opens a.doc file, POSTs the raw file bytes to...

Android Malware Spotted Subscribing Victims to Paid Services Without Consent

Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills...

The New Phishing Click: How OAuth Consent Bypasses MFA

In February 2026, a phishing-as-a-service PhaaS platform called EvilTokens went live. Within five weeks, it had compromised more than 340 Microsoft 365 organizations across five countries. The targets of the platform received a message asking them to enter a short code at microsoft.com/devicelogi...

CVE-2026-6339 Missing request origin validation on burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

GHSA-5QRQ-9645-G5G2 ethyca-fides has a DOM-based XSS vulnerability in fides.js via fides_description override

Summary fides.js is the script that renders Fides's consent banner on customer websites. It lets the embedding page override the banner's description text at runtime via a URL query parameter, a JavaScript global, or a cookie. On sites that have opted into HTML-formatted descriptions, the...

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

EUVD-2026-29286

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

CVE-2026-28993

CVE-2026-28993 affects Apple platforms and is described as an issue where an app may access user-sensitive data. The initial entry notes that the vulnerability was addressed by adding an additional prompt for user consent and lists fixes in multiple platforms/versions: iOS 18.7.9, iPadOS 18.7.9, ...

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

CVE-2026-28993

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS prior to Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5 contain security vulnerabilities due to race condition issues, which may allow applications to access the contact...

PT-2026-39828

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. An app may be able to access user-sensitive data...