Skip to main content
CVE-2026-44541 HIGH PATCH GHSA This Week

DOM-based cross-site scripting in Fides consent banner (fides.js) allows remote unauthenticated attackers to execute arbitrary JavaScript in the embedding site's origin via crafted URL parameters, JavaScript globals, or cookies. The vulnerability affects Fides Enterprise deployments using the consent management platform with HTML-formatted banner descriptions enabled (FIDES_PRIVACY_CENTER__ALLOW_HTML_DESCRIPTION=true), though only when the non-default HTML description feature is active. Cookie-based payload delivery enables persistent XSS across all subdomains until cookies are cleared. Vendor-released patch available in ethyca-fides 2.84.5 (OSS) and fidesplus 2.84.6 (Enterprise). No public exploit identified at time of analysis beyond the vendor's proof-of-concept test snippet.

XSS
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-62628 HIGH This Week

Arbitrary code execution in AMD optional tools occurs through DLL injection during unsafe OpenSSL initialization, allowing local authenticated attackers with low-privilege user access and user interaction to execute malicious code with high impact to confidentiality, integrity, and availability. The vulnerability stems from insecure library loading (CWE-427) where the affected AMD utilities fail to validate DLL search paths during OpenSSL library initialization. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, though the low attack complexity (AC:L) indicates straightforward exploitation once local access is obtained.

Amd RCE OpenSSL
NVD
CVSS 4.0
7.0
EPSS
0.0%
Prev Page 4 of 4

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy