UBUNTU-CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulne...

PT-2026-46044

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user can persist arbitrary HTML or JavaScript within the email id or mobile no fields of a Customer record. This leads to unescaped rendering in the Point of Sale POS interface for any...

CVE-2026-39107

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

PT-2026-45989

Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads in multiple configuration sections without proper input validation or output encoding...

PT-2026-46108

It was discovered that Template-Toolkit did not properly escape single quotes in the html filter function of Template::Plugin::HTML. An attacker could possibly use this issue to inject arbitrary HTML and JavaScript into generated output...

PT-2026-46103

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

PT-2026-46005

Name of the Vulnerable Software and Affected Versions Kimi AI version 1.0 Description A Cross Site Scripting issue exists in the 'Preview' feature of the web interface. The application does not properly sanitize or encode HTML or JavaScript payloads produced by the AI model. When a user accesses...

PT-2026-46043

Name of the Vulnerable Software and Affected Versions ERPNext version 16.16.0 Description An authenticated user with permissions to edit Item records can inject arbitrary HTML or JavaScript into the item name, description, or image fields of an Item. This leads to unescaped rendering in the Point...

CVE-2026-39107

CVE-2026-39107 affects the Kimi AI v1.0 web interface, specifically the Preview feature. The issue is a Cross Site Scripting vulnerability where HTML/JavaScript payloads generated by the AI model are not properly sanitized or encoded, causing the payload to be rendered into the DOM when users vie...

PT-2026-46117

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

PT-2026-46118

Name of the Vulnerable Software and Affected Versions Docling versions 2.82.0 through 2.90.x Description When the HTML backend is explicitly configured for rendering, the Playwright-based rendering feature allows JavaScript execution and unrestricted network access during the processing of...

EUVD-2026-34156

A Cross Site Scripting vulnerability exists in the Kimi AI v1.0 web interface's 'Preview' feature. The application fails to properly sanitize or encode HTML/JavaScript payloads generated by the AI model. When a user switches to the 'Preview' tab to view AI-generated code, the malicious payload is...

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

EUVD-2026-33990

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

CVE-2026-10702 JIT miscompilation in the JavaScript Engine: JIT component

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

CVE-2026-10702

CVE-2026-10702 is a Firefox issue involving a JIT miscompilation in the JavaScript Engine (JIT component). The vulnerability was fixed in Firefox 151.0.3. The CVSS score is 4.3 (Medium) with network attack vector, user interaction required, and availability impact of Low. Affected product: Mozill...

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...

CVE-2026-10702

JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 151.0.3...