XSS Archives • Page 4 of 5 • Daily CyberSecurity

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers Gogs RCE, XSS Vulnerability

Behind the Commit: CVSS 10.0 Bug Lets Attackers Hijack Gogs Servers

Ddos June 24, 2025

The open-source Git service Gogs, known for its simplicity and ease of deployment, disclosures two severe security...

Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection Ubiquiti Vulnerabilities, Privilege Escalation

Ubiquiti Vulnerabilities, Privilege Escalation

Urgent Ubiquiti Alert: Critical Flaws (CVSS 9.9) Allow Privilege Escalation via XSS & SQL Injection

Ddos June 18, 2025

Two high-severity vulnerabilities have been disclosed in widely used Ubiquiti software components—UCRM Client Signup Plugin and the...

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection! GitLab Security, High-Severity Flaws

Urgent GitLab Security Alert: High-Severity Flaws Allow Account Takeover & Code Injection!

Ddos June 12, 2025

GitLab has issued urgent security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing a...

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

ActiveMQ RCE CVE-2026-34197 CISA KEV Catalog Actively Exploited Vulnerabilities CISA KEV Catalog CVE-2025-37164 GeoServer XXE, CISA KEV FortiWeb SQLi, CISA KEV Critical Vulnerabilities CVE-2024-20953

CISA Flags Active Exploits in Erlang/OTP SSH and Roundcube Webmail: Critical RCE and XSS Flaws Under Attack

Ddos June 10, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited...

UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack

Ddos June 9, 2025

CERT Polska has sounded the alarm after uncovering a spear phishing campaign that targeted Polish organizations using...

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806) Jenkins Security Vulnerability

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806)

Ddos June 7, 2025

The Jenkins community has issued a high-severity security advisory for a newly disclosed vulnerability in the Gatling...

Multiple Stored XSS Vulnerabilities Discovered in VMware NSX — Patch Now VMware NSX, XSS Vulnerabilities

Multiple Stored XSS Vulnerabilities Discovered in VMware NSX — Patch Now

Ddos June 4, 2025

Broadcom has released important updates addressing three newly disclosed vulnerabilities in VMware NSX, all of which expose...

Splunk Issues Patches for Two Security Flaws: Windows Permission Misconfiguration and Reflected XSS Splunk Vulnerabilities, Security Advisory

Splunk Vulnerabilities, Security Advisory

Splunk Issues Patches for Two Security Flaws: Windows Permission Misconfiguration and Reflected XSS

Ddos June 3, 2025

Splunk Inc., a leader in data analytics and security monitoring, has issued security advisories for two newly...

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities Hitachi Energy, Asset Suite Vulnerabilities

Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities

Ddos June 1, 2025

Hitachi Energy has issued a cybersecurity advisory warning of multiple vulnerabilities impacting its Asset Suite product—a widely...

Argo CD Alert: XSS Flaw (CVSS 9.1) Allows Kubernetes Hijacking Argo CD XSS Kubernetes security

Argo CD Alert: XSS Flaw (CVSS 9.1) Allows Kubernetes Hijacking

Ddos May 29, 2025

Argo CD, the widely adopted GitOps continuous delivery tool for Kubernetes, has issued a high-severity security advisory...

Fundamental Web Security Broken: New Attacks Bypass Same-Origin Policy via HTTP/2 & SXG Same-Origin Policy bypass HTTP/2 exploit

Fundamental Web Security Broken: New Attacks Bypass Same-Origin Policy via HTTP/2 & SXG

Ddos May 27, 2025

In a revelation for web security, researchers from Tsinghua University have exposed two novel, off-path attacks —...

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw Grafana SCIM Flaw CVE-2025-41115 Grafana Vulnerabilities, XSS Flaw Grafana security alert, XSS patch

Grafana Zero-Day? Emergency Patch Released ‘One Day Ahead of Schedule’ for XSS Flaw

Ddos May 22, 2025

Grafana Labs issued an unscheduled security release—Grafana 12.0.0+security-01—alongside patches for all supported versions, addressing a high-severity cross-site...

Palo Alto Networks Warns of XSS Flaw with PoC Exploit Code GlobalProtect XSS, PAN-OS security

Palo Alto Networks Warns of XSS Flaw with PoC Exploit Code

Ddos May 21, 2025

Palo Alto Networks has issued a security advisory for a reflected cross-site scripting (XSS) vulnerability, tracked as...

Broadcom Fixes RCE, DoS, XSS in VMware ESXi, vCenter, Workstation CVE-2023-20864 VMware RCE, virtualization security

Broadcom Fixes RCE, DoS, XSS in VMware ESXi, vCenter, Workstation

Ddos May 20, 2025

Broadcom has issued a security advisory addressing four newly discovered vulnerabilities in several VMware products, including ESXi,...

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense pfSense hacking, network security risk

Can Your Firewall Be Hacked? Severe Flaws Found in pfSense

Ddos May 20, 2025

Security researcher Navy Titanium have released a technical deep-dive uncovering three severe vulnerabilities affecting pfSense, the popular...

XSS Vulnerability Discovered in Label Studio: Update Now! Label Studio XSS CVE-2025-47783

XSS Vulnerability Discovered in Label Studio: Update Now!

Ddos May 19, 2025

Researchers have disclosed a reflected cross-site scripting (XSS) vulnerability in Label Studio, an open-source data labeling tool...

Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Security Update CVE-2026-27099 Jenkins security - CVE-2023-35141 Jenkins plugins, CVE-2025-47884

Jenkins Plugin Flaws Expose Critical Risks: CVE-2025-47889 Hits 9.8 CVSS with Auth Bypass

Ddos May 16, 2025

Jenkins, a popular open-source automation server, is a crucial tool for many development and operations teams. A...

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers Sednit Cyberespionage, APT28

Operation RoundPress: Sednit Weaponizes XSS to Breach Global Webmail Servers

Ddos May 16, 2025

ESET researchers have exposed a covert cyberespionage campaign, dubbed Operation RoundPress, believed to be orchestrated by the...

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale a-blog cms, CVE-2025-36560

High-Risk Flaws in a-blog cms: CVE-2025-36560 Scores Critical 9.2 on CVSS Scale

Ddos May 15, 2025

JPCERT/CC has issued a vulnerability note disclosing multiple security flaws in a-blog cms, a popular content management...

CISA Warns Critical Flaws in KUNBUS Revolution Pi Exposing Industrial Systems to Remote Attacks KUNBUS Revolution Pi, CISA vulnerabilities

CISA Warns Critical Flaws in KUNBUS Revolution Pi Exposing Industrial Systems to Remote Attacks

Ddos May 3, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a risk evaluation advisory detailing several high-severity...