▌
CVEs
CVE-2026-32722: Bloomberg Memray’s Stored XSS via Unescaped Command-Line Metadata
2026-03-15
A profiling tool turned command-line metadata into executable HTML because one attacker-controlled field crossed into a browser sink without escaping.