⚠️ CVE-2026-8253: MEDIUM severity XSS in Devs Palace ERP Online v4.0.0 via /inventory/purchase_save. No patch; vendor unresponsive. Apply WAF rules & restrict access. Details: https://radar.offseq.com/threat/cve-2026-8253-cross-site-scripting-in-devs-palace--7f918dea #OffSeq #XSS #ERP #Vuln
⚠️ HIGH-severity XSS (CVE-2026-6735) impacts PHP 8.2 – 8.5: improper input handling on PHP-FPM status page enables JavaScript injection via crafted URLs. Restrict access & watch for updates. https://radar.offseq.com/threat/cve-2026-6735-cwe-79-improper-neutralization-of-in-fbc11f41 #OffSeq #PHP #XSS #AppSec
🛡️ CVE-2026-7330: HIGH severity stored XSS in thedark Auto Affiliate Links (≤6.8.8) lets unauthenticated attackers inject scripts via AJAX endpoint. WP admins at risk — update/disable plugin! https://radar.offseq.com/threat/cve-2026-7330-cwe-79-improper-neutralization-of-in-dc918ba5 #OffSeq #WordPress #Infosec #XSS

New security vulnerabilities disclosed in Next.js (patches released)

Multiple security vulnerabilities in Next.js have been disclosed, with patches released in version v16.2.6. The main vulnerabilities are a denial of service (DoS) in Server Components, middleware and proxy bypass, server-side request forgery (SSRF), cross-site scripting (XSS), and cache poisoning, and both the App Router and the Pages Router are affected. Developers of AI services and web applications built on Next.js are advised to apply this security update immediately.

https://github.com/vercel/next.js/releases/tag/v16.2.6

#nextjs #security #dos #ssrf #xss

Release v16.2.6 · vercel/next.js

This release contains security fixes for the following advisories: High: GHSA-8h8q-6873-q5fj: Denial of Service with Server Components GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router ...

⚠️ CRITICAL XSS in ci4ms 0.31.4.0 (CVE-2026-41201): Stored DOM XSS via backup filename lets attackers fully take over accounts. Upgrade to 0.31.5.0 now! https://radar.offseq.com/threat/cve-2026-41201-cwe-79-improper-neutralization-of-i-fc417f58 #OffSeq #XSS #Vuln #InfoSec

CVE-2026-3346: stored XSS in IBM Langflow 1.6.0-1.8.4. Authenticated attacker injects JS into Web UI fields, steals cookies/sessions. No patch, no exploit in wild. CVSS 6.4, but credential disclosure risk is real. Pin your versions. #XSS #Langflow

https://www.valtersit.com/cve/2026/04/cve-2026-3346/

CVE-2026-3346 | Valters IT Hub

🚨 HIGH-severity XSS (CVE-2026-5063) in NEX-Forms – Ultimate Forms Plugin for WordPress (≤9.1.11): Unauthenticated attackers can inject persistent scripts. No patch yet — disable vulnerable versions and monitor for updates. https://radar.offseq.com/threat/cve-2026-5063-cwe-79-improper-neutralization-of-in-f0ffe501 #OffSeq #XSS #WordPress

Gravity Forms: 5 critical unpatched XSS vulnerabilities

Gravity Forms critical XSS vulnerability: 5 Stored XSS flaws affect 6M sites. Unauthenticated attacks confirmed. Update to 2.10.1 immediately.

https://seguridadenwordpress.com/gravity-forms-vulnerabilidad-xss-cve-2026-5109/

#gravityforms #xss #cve20265109 #storedxss #wordpressplugins

Gravity Forms: 5 critical unpatched XSS vulnerabilities - Seguridad en Wordpress

Five Stored XSS vulnerabilities in Gravity Forms affect more than 6 million sites. Version 2.10.1 includes the patch.

🔎 CVE-2026-5324: HIGH (CVSS 7.2) XSS in Brizy – Page Builder (≤2.8.11) lets unauth'd attackers inject scripts into form data. Admins risk session hijack viewing Leads. Restrict access, monitor for patches. https://radar.offseq.com/threat/cve-2026-5324-cwe-79-improper-neutralization-of-in-973821a2 #OffSeq #WordPress #XSS #Vuln
🚨 CRITICAL: Jenkins GitHub Plugin ≤1.46.0 has a stored XSS (CVE-2026-42523). Attackers with Overall/Read permission can run JS in users' browsers. Limit permissions & check vendor for patches. https://radar.offseq.com/threat/cve-2026-42523-vulnerability-in-jenkins-project-je-d7de8e87 #OffSeq #Jenkins #XSS #Vuln