CVE-2026-55464: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in grokability snipe-it
Snipe-IT versions prior to 8.6.2 contain a cross-site scripting (XSS) vulnerability due to improper sanitization of javascript: URIs in Markdown hyperlinks. A user with assets.edit permission can…
Read the full article4h agoen
You might also wanna read
No Manners Here: The Ruthless Rise of The Gentlemen Ransomware
radar.offseq.com·1h ago
CVE-2026-58588: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal Canvas
radar.offseq.com·1h ago
CVE-2026-59155: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in nezhahq nezha
radar.offseq.com·1h ago
CVE-2026-58591: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Colorbox
radar.offseq.com·1h ago
CVE-2026-58587: CWE-79 Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Drupal Drupal Canvas
radar.offseq.com·1h ago
CVE-2026-55809: CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes in Drupal Flag attendance field
radar.offseq.com·1h ago
Comments
Sign in to join the conversation.
No comments yet. Be the first.