CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

BIT-PHP-2026-6735 XSS within PHP-FPM status endpoint

In PHP versions 8.2. before 8.2.31, 8.3. before 8.3.31, 8.4. before 8.4.21, 8.5. before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code XSS on the target's machine when the target is viewing...

CVE-2026-25789

Technical details about CVE-2026-25789 are not publicly available in the provided documents. Monitor for updates from Siemens and CVE records.

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

CVE-2026-42455

Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. In versions 2.14.0 and prior, the archive upload endpoint POST /api/v1/archives/linkId?format=4 accepts HTML files text/html without sanitizing JavaScript content. When the archive i...

CVE-2026-41456

Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers to inject arbitrary JavaScript by crafting a malicious search query. Attackers can execute malicious scripts in the browsers of users who visit...

Joern 4.0.537

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained security vulnerabilities, which were caused by issues with the JavaScript Engine component...

Mozilla Firefox 缓冲区错误漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a buffer error vulnerability, which was caused by a boundary condition error in the JavaScript Engine’s JIT component...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.168 contained a security vulnerability, which was caused by a type confusion issue in the V8 component. This vulnerability could allow remote attackers to obtain potentially sensitive information...

CVE-2025-70842

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

PT-2026-40541

Name of the Vulnerable Software and Affected Versions protobufjs-cli versions prior to 1.2.1 protobufjs-cli versions prior to 2.0.2 Description Static code generation via pbjs can emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by a compilation error in the JavaScript Engine’s JIT component...

PT-2026-40033

A Stored Cross-Site Scripting XSS vulnerability was discovered in the File Management module of FluentCMS 1.2.3. The flaw allows an authenticated administrator to upload crafted SVG files containing malicious JavaScript code. Once uploaded, the script executes in the browser of any user who...

PT-2026-40539

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 7.5.6 protobufjs versions prior to 8.0.2 Description JavaScript generated for toObject conversion may include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor...

PT-2026-40336

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open-source web browser developed by the Mozilla Foundation in the United States. Versions of Mozilla Firefox prior to 150.0.3 contained a security vulnerability, which was caused by the reuse of the JavaScript: WebAssembly component after it was released...

ciguard 安全漏洞

Ciguard is a security auditing and visualization tool for CI/CD pipelines developed by Johannes Moore. Versions of Ciguard from 0.6.0 to 0.8.1 contain security vulnerabilities. These vulnerabilities stem from the SCa HTTP client’s use of json.loads without setting a maximum byte limit, which can...

PT-2026-40022

Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150.0.3...