← Back

Cveclient

cveclient

Vendor: Cmu • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-35467
1Cmu
1Cveclient
Jun 3, 2026
Apr 2, 2026
N/A· v4
7.5 HIGH· v3
N/A· v2
The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials.
CVE-2026-35466
1Cmu
1Cveclient
Jun 3, 2026
Apr 2, 2026
N/A· v4
6.1 MEDIUM· v3
N/A· v2
XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services