16 matches found
WordPress Newspaper < 12 - Cross-Site Scripting
WordPress Newspaper theme before 12 is susceptible to cross-site scripting. The theme does not sanitize a parameter before outputting it back in an HTML attribute via an AJAX action. An attacker can potentially execute malware, obtain sensitive information, modify data, and/or execute unauthorized...
EUVD-2026-34656
Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11270
Inappropriate implementation in UI in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11255
Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11087
Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
Linux Distros Unpatched Vulnerability : CVE-2018-6039
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient data validation in DevTools in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak user cross-origin data via a...
Malicious code in @sas-dvr/nova-crossorigin-auth (npm)
Source: ossf-package-analysis (f1c862311f1c77bb8bff4654f153e9035315f16804a207d72efd9f06d5d35aaf). The OpenSSF Package Analysis project identified '@sas-dvr/nova-crossorigin-auth' @ 132.0.0 (npm) as malicious. It is considered malicious because:...
rockslab.org Cross Site Scripting vulnerability OBB-3914398
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
naturewalkoutdoors.com Cross Site Scripting vulnerability OBB-3903805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2022:40696-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
apsc.or.kr Cross Site Scripting vulnerability OBB-1496094
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
BugPoC: Solution to the XSS Challenge
Summary: This challenge is very tricky and advanced. I have reached a part where I can execute my JS code, but that payload is blocked as of now by "allow-modals" missing value in the "sandbox" attribute. Following is a better explanation of where I am right now. Steps To Reproduce: 1. Keep the...
nwohl.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1098656. Security Researcher Gh05tPT, a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting nwohl.com website and it...
telekom.turtl.co XSS vulnerability
Open Bug Bounty ID: OBB-636625. Affected Website: telekom.turtl.co; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
chromium-browser: user information leak via svg
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page...
Solaris Update for rsh/rlogin/rcp/rdist 140159-02
Check for the Version of rsh/rlogin/rcp/rdist. OpenVAS Vulnerability Test: Solaris Update for rsh/rlogin/rcp/rdist 140159-02. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or...