EUVD-2026-35604

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-47973

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVE-2026-47935

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-48268 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-47951

Adobe Experience Manager (AEM) on versions 6.5.24, LTS SP1, 2026.04 and earlier is affected by a stored Cross-Site Scripting (XSS) vulnerability in vulnerable form fields. A low-privileged attacker can inject malicious scripts that are executed in the victim’s browser when visiting a page contain...

CVE-2026-47987

Adobe Experience Manager (AEM) prior to certain updates is affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. Affected versions: AEM 6.5.24, LTS SP1, 2026.04 and earlier. The issue allows an attacker to manipulate the DOM to execute malicious JavaScript in the victim’s browser, req...

PT-2026-48091

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

PT-2026-48056

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

PT-2026-48087

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

PT-2026-48090

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2026-42368 GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability...

PT-2026-32446

Name of the Vulnerable Software and Affected Versions Decidim versions prior to 0.30.5 Decidim versions 0.31.0.rc1 through 0.31.0 Description A stored code execution issue in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively...

CVE-2025-64538

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...

CVE-2025-64537

Adobe Experience Manager versions 6.5.23 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could lead to arbitrary code execution. An attacker could exploit this vulnerability by injecting malicious scripts into a web page that are executed in the context of the...

CVE-2025-54266

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

GHSA-PCRX-R49H-X2W5 Magento vulnerable to stored Cross-Site Scripting (XSS)

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be...

CVE-2025-54266

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

CVE-2025-54266 Adobe Commerce | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript ma...

EUVD-2023-49395

Malicious code in bioql PyPI...

EUVD-2023-55172

Malicious code in bioql PyPI...