CVE-2026-50231 Lyrion Music Server 9.2.0 Unauthenticated Stored XSS via server.log

Lyrion Music Server 9.2.0 contains an unauthenticated stored cross-site scripting vulnerability in the log viewer that allows attackers to inject malicious scripts by exploiting unescaped template variables. Attackers can inject XSS payloads through search, lines, and path query parameters or by...

CVE-2026-33405 Pi-hole has a Stored HTML Injection in queries.js

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...

Comelit App lejos de casa 安全漏洞

Comelit App lejos de casa is a home automation application from the Spanish company Comelit. A security vulnerability in Comelit App lejos de casa 2.8.0 allows attackers to elevate privileges via modified domain and log fields associated with js/bridge.min.js and login.json...