Lucene search
+L
VulnrichmentRecent

163937 matches found

Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-47972 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-47954 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.5AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-47951 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.12 views

CVE-2026-47943 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-47974 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47942 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.5AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-48258 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47975 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.12 views

CVE-2026-47962 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47990 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47970 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.5AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47950 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-47957 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47948 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.5AI score0.00307EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47986 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.12 views

CVE-2026-47966 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-48301 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-34692 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47983 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-48304 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-47981 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-48300 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-47944 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.9 views

CVE-2026-47953 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47946 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47973 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47987 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47958 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-48265 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-48288 Adobe Experience Manager | Improper Input Validation (CWE-20)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.0041EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-48250 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00207EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.11 views

CVE-2026-48271 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.10 views

CVE-2026-47978 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-47949 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.8 views

CVE-2026-48299 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:48 p.m.12 views

CVE-2026-48266 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

5.4CVSS5.5AI score0.00283EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/09 4:46 p.m.16 views

CVE-2026-49959 Hermes WebUI < 0.51.311 RCE via Git Configuration Injection

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

8.8CVSS6.7AI score0.00945EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/09 4:35 p.m.14 views

CVE-2026-49958 Hermes WebUI < 0.51.303 TOCTOU Race Condition via git_discard

Hermes WebUI before version 0.51.303 contains a time-of-check time-of-use TOCTOU race condition vulnerability in the gitdiscard function within api/workspacegit.py that allows attackers to delete files outside the configured workspace boundary by replacing a validated path component with a symlin...

5CVSS5.6AI score0.00081EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:34 p.m.42 views

CVE-2026-22926

Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability...

7.8CVSS5.4AI score0.00132EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:25 p.m.23 views

CVE-2026-49957 Hermes WebUI < 0.51.296 Workspace Boundary Bypass via api/workspace.py

Hermes WebUI before version 0.51.296 contains a workspace boundary bypass vulnerability that allows authenticated attackers to circumvent blocked-root path checks by exploiting an early return in the SSH/remote terminal profile workspace resolution logic within remoteterminalworkspacecandidate...

7.7CVSS5.5AI score0.00421EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

5CVSS5.5AI score0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS5.4AI score0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:21 p.m.76 views

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS5.3AI score0.00319EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:12 p.m.11 views

CVE-2026-42570 Svelte devalue: DoS via sparse array deserialization

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS5.3AI score0.00393EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 4:11 p.m.14 views

CVE-2026-24180

NVIDIA DALI contains a vulnerability in a component where an attacker could cause a heap-based buffer overflow. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS6AI score0.00154EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 4:11 p.m.12 views

CVE-2026-24181

NVIDIA DALI contains a vulnerability in a component where an attacker could cause an improper index validation. A successful exploit of this vulnerability might lead to code execution, data tampering, denial of service, and information disclosure...

7.3CVSS5.5AI score0.00139EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 4:10 p.m.11 views

CVE-2026-49956 Hermes WebUI < 0.51.269 Profile Isolation Bypass via sessions search

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

7.1CVSS5.5AI score0.00272EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/09 4:9 p.m.10 views

CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...

7.2CVSS5.4AI score0.00213EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.9 views

CVE-2026-49848 FreeSWITCH: Pre-authentication `userVariables` injection in `mod_verto`

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, modverto's checkauth userauth branch wrote request-supplied userVariables into the...

4.3CVSS5.4AI score0.00172EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:5 p.m.11 views

CVE-2026-49955 Hermes WebUI < 0.51.270 Resource Exhaustion via passkey/options

Hermes WebUI before version 0.51.270 contains a resource exhaustion vulnerability that allows unauthenticated remote attackers to degrade service availability by repeatedly calling the passkey options endpoint without completing assertion. Attackers can send unlimited POST requests to the...

6.9CVSS5.5AI score0.00586EPSS
Exploits0References5
Total number of security vulnerabilities163937