Multi-Agent Taint Specification Extraction for Vulnerability Detection

Static Application Security Testing SAST tools using taint analysis are widely viewed as providing higher-quality vulnerability detection results compared to traditional pattern-based approaches. However, performing static taint analysis for JavaScript poses two major challenges. First,...

PT-2026-3073

Name of the Vulnerable Software and Affected Versions LaSuite Doc versions 3.8.0 through 4.3.0 Description LaSuite Doc is a collaborative note taking, wiki and documentation platform. A Stored Cross-Site Scripting XSS issue exists in the Interlinking feature. When a user creates a link to another...

PT-2026-3114

Name of the Vulnerable Software and Affected Versions Cyber Cafe Management System version 1.0 Description A stored cross-site scripting XSS issue exists. An authenticated attacker can inject arbitrary JavaScript code into the username parameter through the ''/add-users.php'' endpoint. The inject...

PT-2026-3057

Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer...

PT-2026-3004

Name of the Vulnerable Software and Affected Versions AffiliateX – Amazon Affiliate Plugin versions 1.0.0 through 1.3.9.3 Description The AffiliateX – Amazon Affiliate Plugin for WordPress is susceptible to unauthorized data modification because of a missing capability check on the save...

ALSA-2026:0667 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20014-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20014-1 advisory. Changes in MozillaFirefox: Firefox Extended Support Release 140.6.0 ESR was released: Fixed: Various security fixes. MFSA 2025-94 bsc1254551:...

ALSA-2026:0694 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Spoofing issue in the Downloads Panel component CVE-2025-14327 firefox: Use-after-free in the JavaScript: GC component CVE-2026-0885 firefox: thunderbird: Memor...

CVE-2022-50896

Testa 3.5.1 contains a reflected cross-site scripting vulnerability in the login.php redirect parameter that allows attackers to inject malicious scripts. Attackers can craft a specially encoded payload in the redirect parameter to execute arbitrary JavaScript in victim's browser context...

CVE-2023-53985

Zstore, now referred to as Zippy CRM, 6.5.4 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through unvalidated input parameters. Attackers can submit crafted payloads in manual insertion points to execute arbitrary JavaScript code in...

CVE-2022-50891

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

CVE-2026-0601 Nexus Repository 3 - Cross-Site Scripting

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

CVE-2026-0601

A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction...

CVE-2026-0601

CVE-2026-0601 is a reflected XSS affecting Nexus Repository 3. An unauthenticated attacker can cause arbitrary JavaScript execution in a victim’s browser by sending a crafted request that requires user interaction. The vulnerability impacts the Nexus Repository 3 ecosystem (notably the nexus-extd...

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVE-2025-71164

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

EUVD-2026-2437

Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting XSS vulnerability in the Editing component. The images parameter submitted as images in a POST request is reflected into an HTML href attribute without proper context-aware output encoding in...

CVE-2025-71164

Typesetter CMS