340 matches found
CVE-2026-55877
Symfony UX is a JavaScript ecosystem for Symfony. From 2.17.0 before 2.36.1 and from 3.0.0 before 3.2.0, the uxicon Twig function is marked issafe='html' and Icon::toHtml inlines SVG source verbatim, allowing unsanitized local SVG files or Iconify on-demand JSON body responses containing nested...
PT-2026-54113
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...
symfony/ux-icons XSS via unsanitized SVG content in local files and Iconify on-demand responses
Description The uxicon Twig function is marked issafe='html', so Twig never escapes its output. Icon::toHtml inlines the SVG source verbatim into the page. Browsers execute elements and on event-handler attributes found inside inline SVG, making any unsanitized icon a vector for cross-site...
CVE-2026-32607 Discourse: Stored XSS via unescaped assignee name
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, when the hidden prioritizefullnameinux site setting is enabled defaults to false, requires console access to change, user...
PT-2026-7190
Tanium addressed an arbitrary file deletion vulnerability in end-user-cx...
Building a Transparent Keyserver
Today, we are going to build a keyserver to lookup age public keys. That part is boring. What’s interesting is that we’ll apply the same transparency log technology as the Go Checksum Database to keep the keyserver operator honest and unable to surreptitiously inject malicious keys, while still...
How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?
The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...
EUVD-2017-11837
Malware in sbrugna...
EUVD-2021-26346
Malware in sbrugna...
EUVD-2017-14116
Malware in sbrugna...
EUVD-2014-6436
Malware in sbrugna...
EUVD-2020-19366
Malware in sbrugna...
Selecting Cybersecurity Requirements: Effects of LLM Use and Professional Software Development Experience
This study investigates how access to Large Language Models LLMs and varying levels of professional software development experience affect the prioritization of cybersecurity requirements for web applications. Twenty-three postgraduate students participated in a research study to prioritize...
EUVD-2024-2951
Malicious code in bioql PyPI...
Generative Engine Optimisation: What It Is and Why You Need an Agency for It
As digital marketing keeps changing, staying ahead means adopting the latest strategies that enhance online visibility and user…...
MAL-2025-38022 Malicious code in ux-aspects (npm)
The package ux-aspects was found to contain malicious code...
Malicious code in ux-aspects (npm)
The package ux-aspects was found to contain malicious code...
Human-Centred AI in FinTech: Developing a User Experience (UX) Research Point of View (PoV) Playbook
Advancements in Artificial Intelligence AI have significantly transformed the financial industry, enabling the development of more personalized and adaptable financial products and services. This research paper explores various instances where Human-Centred AI HCAI has facilitated these...
A week with a "smart" car
Welcome to this week's edition of the Threat Source newsletter. June 9 was Whit Monday -- a bank holiday here in Germany -- so I decided to take the whole week off. It turned out to be the perfect opportunity to try out a brand new car. Little did I know, I was about to get a crash course in mode...
Description of the security update for SharePoint Enterprise Server 2016: June 10, 2025 (KB5002732)
None None...