CVE-2026-47935 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVE-2021-29953

A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. Note: This issue only affected Firefox for Android. Other operating systems are unaffected...

The vulnerability of the iOS operating system, the multimedia player iTunes, and the web browser Safari allows a perpetrator to obtain confidential information from the process’s memory.

The vulnerability of the WebKit component of the iOS operating system, the multimedia player iTunes, and the browser Safari is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information from...

Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-DDI-CSRF.txt Vendor: ==================== www.trendmicro.com Product: ========================================= Trend Micro Deep Discovery Inspector V3.8, 3.7 Deep...

How to Hack Millions of Android Phones Using Stagefright Bug, Without Sending MMS

Earlier this week, security researchers at Zimperium revealed a high-severity vulnerability in Android platforms that allowed a single multimedia text message to hack 950 Million Android smartphones and tablets. As explained in our previous article, the critical flaw resides in a core Android...