CVE-2026-8403

CVE-2026-8403 describes a Stored XSS in Eksagate SYSGUARD 6001 (2.0.2 before 6.1.4.0). The vulnerability stems from improper neutralization of input during web page generation. Affected product is SYSGUARD 6001; vendor is not supported per notes. CVSSv3.1 base score 6.1 (MEDIUM) with Network atta...

Agentejo Cockpit 0.10.2 - Cross-Site Scripting

Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content. id: CVE-2020-14408 info: name: Agentejo Cockpit 0.10.2 ...

Moodle LTI module Reflected - Cross-Site Scripting

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's brows...

FortiWeb - Cross Site Scripting

FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points. id: CVE-2021-22122 info: name:...

DEBIAN-CVE-2026-13033

Out of bounds read and write in BlinkInterestGroups in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-13023

Uninitialized Use in GPU in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

CVE-2026-13034

Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. Chromium security severity: High...

CVE-2026-13031

CVE-2026-13031 is a use-after-free in Blink (Chrome) prior to 149.0.7827.197, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Affected component: Blink in Google Chrome. Root cause: use-after-free in the browser’s rendering engine. Impact: high (arbi...

EUVD-2026-39040

Race in DevTools in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

EUVD-2026-39042

Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2026-13038

Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

PT-2026-51820

Name of the Vulnerable Software and Affected Versions OpenText Access Manager versions 5.1 through 5.1.2 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS, a condition where malicious scripts are injected into trusted websites. Recommendations...

CVE-2026-10857

CVE-2026-10857 – Reflected XSS in AKINSoft e-Commerce Affected product: AKIN Software Computer Import Export Industry and Trade Ltd. E-Commerce.Vulnerability: Reflected Cross-Site Scripting due to improper neutralization of input during web page generation.Root cause: insufficient sanitization of...

CVE-2026-12621 Cross-Site Scripting (XSS) Vulnerability in Password Reset Redirect in GridTime™ 3000 GNSS Time Server

Improper neutralization of input during web page generation XSS vulnerability in the GridTime 3000 password reset form allows XSS. This issue affects GridTime 3000: from 1.0r0.03 before 1.2r0.0...

EUVD-2026-38038

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

CVE-2026-12619 GridTime™ 3000 GNSS Time Server CSRF to XSS

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Microchip GridTime 3000 allows Cross-Site Scripting XSS. This issue affects GridTime 3000: from 1.0r0.03 through 1.1r0.0...

Astra Linux – Vulnerability in Chromium

Inappropriate implementations of Skia in Google Chrome prior to version 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

The use of after-free in Dawn, prior to version 130.0.6723.58, allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

Astra Linux – Vulnerability in Chromium

Before version 91.0.4472.164, using "after free" in WebSerial with Google Chrome allowed a remote attacker to potentially exploit heap corruption through a crafted HTML page...