PT-2026-4779
Grav CMS 1.6.30 with Admin Plugin 1.9.18 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the page title field. Attackers can create a new page with a malicious script in the title, which will be executed when the pag...
PT-2026-4805
Name of the Vulnerable Software and Affected Versions: KubeVirt Containerized Data Importer (CDI), affected versions not specified. Description: A flaw exists in KubeVirt Containerized Data Importer (CDI) that allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces. This can lead ...
Grav CMS cross-site scripting vulnerability
Grav CMS is an open-source file-based content management system developed by Grav. Grav CMS 1.9.18 contains a cross-site scripting vulnerability; this vulnerability stems from a persistent cross-site scripting in the page title field, which may allow for the execution of malicious scripts...
exploitRag-FullStack
ExploitRAG - RAG-based Cybersecurity Chat System A production...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages stolen credentials to deploy legitimate Remote Monitoring and Management (RMM) software for persistent remote access to compromised hosts. "Instead of deploying custom viruses, attackers are bypassing...
CVE-2026-0788
ALGO 8180 IP Audio Alerter Web UI Persistent Cross-Site Scripting Vulnerability. This vulnerability allows remote attackers to execute web requests with a target user's privileges on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is not required to exploit this...
CVE-2021-47858
Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting (XSS) vulnerability in the start_addr field of the Security Management interface. The vulnerability allows injecting scripts that persist and execute for privileged users when they access the security management page. A P...
CVE-2021-47857
CVE-2021-47857 affects Moodle 3.10.3 and is a persistent cross-site scripting (XSS) vulnerability in the calendar event subtitle field. The underlying issue allows an attacker to inject malicious JavaScript into the subtitle track label of a crafted calendar event, with code execution possible wh...
CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...
Malicious code in oce-collaborate (npm)
Source: amazon-inspector d8f69f2284ec7835136d41eb191227cc52ebfeafd3b33c0f7ce2d94ffd24cb88 The package oce-collaborate was found to contain malicious code. Source: ghsa-malware c217eb60fb78e5a6fde1b59cd586b4ad864bd1ad9cde77d6b50a79341d4d58d...
Malicious code in internallib_v962 (npm)
Source: amazon-inspector 9664f22a915362fceed28ec2e15ea4bfbc16dbdd91cb358cba05ef247fec36a5 The package internallib_v962 was found to contain malicious code. Source: ghsa-malware 1e08ba6555343cafd51a03a186572eaf33065999ee721770a8d507645826dfd...
MAL-2026-385 Malicious code in blocks-builder-manifest-generator (npm)
Source: amazon-inspector 30f5efa34a1c44d974502110177cb7a60daf579349ed25937e66e342f7f7c24f The package blocks-builder-manifest-generator was found to contain malicious code. Source: ghsa-malware...
MAL-2026-401 Malicious code in victim-package-c (npm)
Source: amazon-inspector 184f83df9021c2d9d54bd3201652ab449b3c54a606b87c484d0a16a657005cf8 The package victim-package-c was found to contain malicious code. Source: ghsa-malware c9415f83d650ad0546aeb398d909c1b7aa8c983d9ca0c37f72e68526eaf6bb...
MiracleLinux 7 : flatpak-1.0.9-13.0.1.el7.AXS7 (AXSA:2024-8901:07)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8901:07 advisory. CVE-2024-42472: access to files outside sandbox for apps using persistent directories. CVEs: CVE-2024-42472. Flatpak is a Linux application sandboxing and...
PT-2026-3546
On an instance of TwinCAT 3 HMI Server running on a device an authenticated administrator can inject arbitrary content into the custom CSS field which is persisted on the device and later returned via the login page and error page...
MiracleLinux 8 : 389-ds:1.4 (AXSA:2022-3115:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3115:01 advisory. 389-ds-base: double free of the virtual attribute context in persistent search (CVE-2021-4091). Tenable has extracted the preceding description block directly...
Malicious code in tailwin (npm)
Source: amazon-inspector 1c6f42d8ac771f7de2a89b36d91afb6db0c0445c7c3b9c4c094cf74b1448343d The package tailwin was found to contain malicious code. Source: ghsa-malware 25f1e8ebfcada6d9b8288179365d666ecc4679a549f815f6715e35fc614e03e2 Any...
Techniques of Modern Attacks
The techniques used in modern attacks have become an important factor for investigation. As we advance further into the digital age, cyber attackers are employing increasingly sophisticated and highly threatening methods. These attacks target not only organizations and governments but also extend...
CVE-2026-23725
WeGIA is a web manager for charitable institutions. Prior to 3.6.2, a Stored Cross-Site Scripting (XSS) vulnerability was identified in the html/pet/adotantes/cadastroadotante.php and html/pet/adotantes/informacaoadotantes.php endpoints of the WeGIA application. The application does not sanitize...
CVE-2021-47839
A flaw was found in Marky. This persistent cross-site scripting (XSS) vulnerability allows attackers to inject malicious scripts into markdown files. Attackers can upload specially crafted markdown files containing JavaScript code. When these files are opened, the embedded scripts execute,...