Cwe-79 - Cross-site Scripting (xss) is a cwe tracked across 50 threat clusters and 191 intelligence report mentions on ThreatCluster. First observed April 16, 2026; most recent activity July 18, 2026.
A critical vulnerability, CVE-2026-48768, was disclosed affecting TypeBot versions 3.16.1 and earlier. The flaw allows unauthenticated users to exploit the POST /api/blocks/file-input/v3/generate-upload-url endpoint,…
Operation Escaneo is a coordinated cyberattack attributed to the MexicanMafia group, targeting critical infrastructure across Latin America, primarily Mexico. The campaign, which spanned from 2025 to 2026, utilized…
SiYuan, an open-source personal knowledge management system, has disclosed a critical stored cross-site scripting (XSS) vulnerability that can escalate to remote code execution (RCE) in its Electron desktop client. The…
CVE-2026-55879 is a critical vulnerability affecting OpenReplay versions 1.24.0 to 1.25.0, allowing unauthenticated attackers to execute stored XSS in the dashboard. The flaw arises from the OpenReplay tracking SDK's…
A critical server-side template injection (SSTI) vulnerability in FOSSBilling, tracked as CVE-2026-28496, was disclosed on June 23, 2026. This flaw affects all versions up to 0.7.2 and allows attackers to exploit unsafe…
A critical SQL injection vulnerability (CVE-2026-26980) in Ghost CMS is being actively exploited in a large-scale cyberattack affecting over 700 websites, including those of Harvard University, Oxford University, Auburn…
On April 24, 2026, CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. The affected products include SimpleHelp remote management software, Samsung MagicINFO 9 Server, and…
The Divi Form Builder plugin for WordPress is vulnerable to Arbitrary File Upload, allowing Remote Code Execution in all versions up to 5.1.8. This vulnerability arises from insufficient file extension validation in the…
A suspected China-aligned threat group, tracked as UNK_MassTraction, has been exploiting vulnerabilities in Roundcube mail servers at U.S. and Canadian universities since May 2026. The campaign targets physics and…
A critical remote code execution (RCE) vulnerability, CVE-2026-53435, has been identified in Jenkins, affecting versions 2.567 and earlier, including LTS 2.555.2 and earlier. This flaw allows attackers to exploit…