Stored XSS Archives • Daily CyberSecurity

Critical TinyMCE Cross Site Scripting Flaws Threaten Millions of Applications TinyMCE cross site scripting stored XSS vulnerability

Critical TinyMCE Cross Site Scripting Flaws Threaten Millions of Applications

Do Son June 10, 2026

Large-Scale Content Editor Flaws Expose Enterprise Platforms A widespread security alert has emerged for web developers utilizing...

Broadcom Fixes Critical VMware Stored XSS Bugs VMware stored XSS bugs Broadcom security updates CVE-2023-34039 VMware RCE, virtualization security

VMware stored XSS bugs Broadcom security updates CVE-2023-34039 VMware RCE, virtualization security

Broadcom Fixes Critical VMware Stored XSS Bugs

Do Son June 8, 2026

Broadcom recently issued an important patch advisory for its enterprise virtualization platform. The company resolved multiple VMware...

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form PrestaShop XSS Vulnerability CVE-2026-44212

Critical PrestaShop Flaw Allows Hijacking via “Contact Us” Form

Do Son May 12, 2026

PrestaShop, the global open-source e-commerce powerhouse known for its highly customizable PHP architecture and responsive design, has...

Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix XSS Vulnerabilities CVE-2026-23926 zabbix - CVE-2024-22116 Zabbix SQL Injection CVE-2026-23921

Zabbix Flaws Allow Monitored Hosts to Hijack Admin Dashboards

Do Son May 8, 2026

Zabbix, the ubiquitous open-source monitoring solution used by enterprises to track the health of vast IT infrastructures,...

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover mailcow XSS CVE-2026-40872

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Do Son April 23, 2026

The popular open-source groupware suite mailcow: dockerized is facing a high-stakes security challenge. A critical Stored Cross-Site...

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers RustFS XSS Vulnerability CVE-2026-27822

Critical XSS Flaw in RustFS Exposes S3 Storage to Total Admin Account Takeovers

Do Son February 27, 2026

RustFS is an open-source, high-performance distributed object storage system that is built in the Rust programming language....

Samsung MagicInfo9 Vulnerability CVE-2026-25202 Galaxy S26 benchmarks Samsung HBM4 NVIDIA certification Samsung Bixby Perplexity integration, One UI 8.5 AI assistant Samsung Taylor 2nm mass production, TSMC 2nm capacity constraint 2026 Samsung SATA SSD Discontinuation, SSD Market Shift Samsung SATA SSD Discontinuation, M.2 Market Shift Samsung Foundry 4nm Yield Tsavorite OPU Chip Order Samsung Project Moohan, Android XR Samsung OpenAI Partnership, AI Infrastructure Samsung Exynos 2600, 2nm GAA Tesla AI Chips, Samsung Foundry Deal Samsung Foldables, Galaxy Unpacked 2025 Samsung AI, Perplexity AI Samsung data breach Q990D firmware US tariffs

Signage Hijack: Samsung MagicInfo9 Flaws (CVSS 9.8) Expose Servers

Do Son February 5, 2026

Samsung’s MagicInfo9 Server, a widely used solution for managing digital signage displays, has been struck by a...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2026-0695: High-Severity XSS Flaw Patched in ConnectWise PSA 2026.1

Do Son January 19, 2026

ConnectWise has released a crucial security update for its Professional Services Automation (PSA) platform, addressing two significant...

CISA Flags Actively Exploited OpenPLC Flaw (CVE-2021-26829) n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

n8n RCE Vulnerability CVE-2025-68613 CISA KEV WinRAR Zero-Day, Cloud Files UAF OpenPLC ScadaBR, CVE-2021-26829 CISA KEV, Gladinet LFI RCE XWiki RCE, VMware EoP CISA KEV CISA, Known Exploited Vulnerabilities CVE-2020-2883 CISA, Trend Micro

CISA Flags Actively Exploited OpenPLC Flaw (CVE-2021-26829)

Do Son November 29, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to secure...

Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057) Apache SkyWalking, CVE-2025-54057

Security Alert: Apache SkyWalking Stored XSS Vulnerability (CVE-2025-54057)

Do Son November 27, 2025

Apache SkyWalking, the widely adopted open-source Application Performance Monitoring (APM) system used for distributed systems in Cloud...

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

GitLab Security Code Integrity GitLab sale GitLab, Security GitLab Stored XSS, Kubernetes Proxy Flaw

High-Severity GitLab XSS Flaw (CVE-2025-11224) Risks Kubernetes Proxy Session Hijacking

Do Son November 13, 2025

GitLab has released a new round of security updates for both Community Edition (CE) and Enterprise Edition...

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts Open WebUI XSS RCE, Prompt Injection

Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts

Do Son November 13, 2025

The developers behind Open WebUI, an open-source and self-hosted AI interface framework, have issued a security advisory...

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client Zimbra Critical XSS, Unauthenticated LFI

Zimbra Critical XSS, Unauthenticated LFI

Critical Zimbra Flaw Fixed: Patch Addresses Multiple Stored XSS and Unauthenticated LFI in Mail Client

Do Son November 11, 2025

Zimbra has issued a critical security patch, Zimbra Daffodil (v10.1.13), to address a host of vulnerabilities in...

CVE-2024-21687 & CVE-2024-21686 Atlassian AI data contribution

Atlassian Fixes CVE-2024-21687 & CVE-2024-21686 Vulnerabilities in Bamboo and Confluence

Do Son July 16, 2024

In a recent security advisory, Atlassian, a renowned software company known for its collaboration and productivity tools,...

CVE-2023-49657: Apache Superset Hit by High-Risk Stored XSS Vulnerability

Do Son January 24, 2024

The maintainers of the Apache Superset open-source data visualization software have released fixes to fix a critical vulnerability...

Critical Alert 2 Active Exploits Detected Today