https://truepositive.me/tags/vulnerability-research/ Recent content in Vulnerability-Research on TruePositive Hugo en-us Sun, 28 Jun 2026 00:00:00 +0000 https://truepositive.me/posts/cve-2026-33403/ Sun, 28 Jun 2026 00:00:00 +0000 https://truepositive.me/posts/cve-2026-33403/ Unauthenticated reflected XSS and HTML injection in Pi-hole Web via the file query parameter in taillog.js, enabling credential harvesting against logged-in admins. CVSS 6.1 Medium. https://truepositive.me/posts/cve-2026-35491/ Sun, 28 Jun 2026 00:00:00 +0000 https://truepositive.me/posts/cve-2026-35491/ CLI API sessions in Pi-hole FTL can bypass authorization controls to import Teleporter archives and modify configuration. CVSS 6.1 Medium. https://truepositive.me/posts/cve-2026-37762/ Sun, 28 Jun 2026 00:00:00 +0000 https://truepositive.me/posts/cve-2026-37762/ Exposed LAN services in Skyworth Android TV devices allow network-adjacent attackers to execute arbitrary commands without authentication. CVSS 8.8 High.