Skip to main content
CVE-2026-24399 CRITICAL POC PATCH Act Now

Stored XSS in ChatterMate AI chatbot framework versions 1.0.8 and below. The chatbot accepts and renders malicious HTML/JavaScript from user input. PoC and patch available.

XSS AI / ML Chattermate
NVD GitHub
CVSS 3.1
9.3
EPSS
0.0%
CVE-2025-13374 CRITICAL Act Now

Arbitrary file upload in Kalrav AI Agent WordPress plugin due to missing file type validation in the kalrav_upload_file AJAX action.

WordPress RCE AI / ML PHP
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22583 CRITICAL Act Now

Argument injection in Salesforce Marketing Cloud Engagement CloudPagesURL component. Second Salesforce Marketing Cloud CVE with same root cause.

Code Injection Marketing Cloud Engagement
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22582 CRITICAL Act Now

Argument injection in Salesforce Marketing Cloud Engagement MicrositeURL component allows command execution. First of four critical Salesforce Marketing Cloud CVEs.

Code Injection Marketing Cloud Engagement
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-13952 CRITICAL Act Now

Write-after-free crash in GPU compiler process triggered by unusual GPU shader code loaded from the web. Browser vulnerability through WebGPU shader compilation.

Use After Free Denial Of Service Ddk
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22586 CRITICAL Act Now

Hardcoded cryptographic key in Salesforce Marketing Cloud Engagement used across CloudPages, Forward to a Friend, Profile Center, and Subscription Center. Fourth critical Salesforce CVE.

Information Disclosure Marketing Cloud Engagement
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22585 CRITICAL Act Now

Use of broken/risky cryptographic algorithm in Salesforce Marketing Cloud Engagement affecting CloudPages, Forward to a Friend, Profile Center, and Subscription Center components.

Information Disclosure Marketing Cloud Engagement
NVD
CVSS 3.1
9.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy