SUSE CVE-2026-22808

fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...

CVE-2026-24399 ChatterMate has Stored Cross-Site Scripting (XSS) via Chatbot Input Execution

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...