Advertisement
CVE-2021-22291: ABB EIBPORT V3 <3.9.2 Session Hijacking Vulnerability
ABB EIBPORT V3 devices are vulnerable to CVE-2021-22291 (XSS/session hijacking), allowing unauthenticated access and configuration changes. Patch immediately.
CVE-2024-50498: CISA Orders Patch for Exploited cPanel Plugin Flaw
CISA mandates federal agencies patch CVE-2024-50498, an actively exploited LiteSpeed cPanel plugin vulnerability, to prevent unauthorized account access.
CVE-2026-4293: Kieback & Peter DDC XSS — Mitigate Building Controller Risks
CISA warns of CVE-2026-4293, a Cross-site Scripting vulnerability in Kieback & Peter DDC Building Controllers. Attackers could control victim browsers, affecting
CVE-2026-42897: Microsoft Exchange OWA XSS Zero-Day Under Attack
Active Zero-Day XSS vulnerability, CVE-2026-42897, impacts Microsoft Exchange OWA, allowing mailbox compromise. No patch available.
CVE-2026-42897: Microsoft Exchange XSS Under Active Exploitation
CISA adds CVE-2026-42897, a Microsoft Exchange Server Cross-Site Scripting vulnerability, to KEV Catalog due to active exploitation. Immediate patching advised.
CVE-2026-42897: How Attackers Exploit Microsoft Exchange Server
Microsoft warns of active exploitation of CVE-2026-42897, a critical spoofing and XSS vulnerability in on-premise Exchange Server triggered via email.
CVE-2023-29489: How Attackers Exploit cPanel XSS for Auth Bypass
A critical authentication bypass in cPanel via CVE-2023-29489 is under active exploitation. Discover technical details and essential mitigation steps.
Zimbra XSS Attacks: Over 10,000 Servers Vulnerable — Patch Now
Ongoing cross-site scripting (XSS) attacks exploit a flaw in Zimbra Collaboration Suite (ZCS), leaving over 10,000 online servers vulnerable.
CVE-2025-13902: Patching Schneider Electric Modicon Controllers
Schneider Electric Modicon M241 and M251 controllers face XSS risks via CVE-2025-13902. Learn how to patch firmware and secure industrial control networks.
CVE-2025-66376: ZCS Cross-Site Scripting Actively Exploited
CISA adds CVE-2025-66376, a Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting vulnerability, to its KEV Catalog due to active exploitation. Immediate
CVE-2024-4510: Zimbra Collaboration Suite XSS Exploitation Guide
CISA adds CVE-2024-4510 to the KEV catalog following active exploitation of a Zimbra Collaboration Suite XSS vulnerability. Patch ZCS version 9.0.0 today.
Exploitation of SVG-Based XSS in RoundCube Webmail Instances
Technical analysis of a cross-site scripting (XSS) vulnerability in RoundCube Webmail triggered by improper sanitization of SVG animate elements.