theemperorspath

2 exploits Active since Feb 2026

CVE-2026-38579 GITHUB MEDIUM WRITEUP

damasac thaipalliative_lte <= 3.0 - Reflected Cross-Site Scripting via idFormMain, id, and ptid_key Parameters

Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parameter (line 24), the id parameter (lines 25, 75), and the ptid_key parameter (lines 26, 42) in /substudy/ezform.php. User input is echoed into HTML attributes and JavaScript contexts without encoding.

CVSS 6.1

View Code

CVE-2026-2441 NOMISEC HIGH WRITEUP

Google Chrome <145.0.7632.75 - Use After Free

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

CVSS 8.8

View Code