CVE-2026-25154 LocalSend has Stored XSS in Web Share Interface via Filename

LocalSend is a free, open-source app that allows users to share files and messages with nearby devices over their local network without needing an internet connection. In versions up to and including 1.17.0, when a user initiates a "Share via Link" session, the LocalSend application starts a loca...

PT-2024-26115 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.139 Description: The issue arises from a Prototype Pollution vulnerability in the /public/js/main.js source file. This vulnerability occurs because the getQueryParam function recursively merges an object...

GHSA-7F3X-2WCX-HWW8 steal vulnerable to Regular Expression Denial of Service via input variable

A Regular Expression Denial of Service ReDoS flaw was found in stealjs steal via the input variable in main.js...

Subscription-Manager 跨站脚本漏洞

Subscription-Manager is a subscription management system by the individual developer of China's JiYouRan youranreus. A cross-site scripting vulnerability exists in Subscription-Manager v1.0, which stems from a lack of filtering and escaping of the machineDetail parameter in /main.js...