58961 matches found
CVE-2026-27517
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...
GHSA-V264-XQH4-9XMM OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...
OneUptime: node:vm sandbox escape in probe allows any project member to achieve RCE
Summary OneUptime lets project members write custom JavaScript that runs inside monitors. The problem is it executes that code using Node.js's built-in vm module, which Node.js itself documents as "not a security mechanism — do not use it to run untrusted code." The classic one-liner escape gives...
CVE-2026-27568
WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...
CVE-2026-27519 Binardat 10G08-0800GSM Network Switch Hard-coded RC4 Encryption Key
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior use RC4 with a hard-coded key embedded in client-side JavaScript. Because the key is static and exposed, an attacker can decrypt protected values and defeat confidentiality protections...
CVE-2026-27519
Binardat 10G08-0800GSM network switch firmware up to version V300SP10260209 uses RC4 with a hard-coded key embedded in client-side JavaScript. The static key enables an attacker to decrypt protected values, defeating confidentiality protections. Affected component: firmware (vulnerable RC4 implem...
CVE-2026-27517 Binardat 10G08-0800GSM Network Switch XSS
Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior reflect unsanitized user input in the web interface, allowing an attacker to inject and execute arbitrary JavaScript in the context of an authenticated user...
CVE-2026-27568
WWBN AVideo (open source video platform) is affected prior to version 21.0 by CVE-2026-27568, where Markdown in video comments processed by Parsedown v1.7.4 without Safe Mode allows javascript: URIs to be rendered as links. An authenticated low-privilege attacker can post a malicious comment whos...
CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection
WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...
CVE-2026-2796
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2795
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2801
Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2797
Use-after-free in the JavaScript: GC component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2804
Use-after-free in the JavaScript: WebAssembly component. This vulnerability affects Firefox 148 and Thunderbird 148...
CVE-2026-2796
JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2804
Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2795
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...
CVE-2026-2797
Use-after-free in the JavaScript: GC component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...