PatchSiren

Gist CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Gist CVE published 2026-05-16

CVE-2026-8657

CVE-2026-8657 is a high-severity prototype pollution issue in jsondiffpatch versions before 0.7.6. The vulnerable patch-related APIs can be driven by attacker-controlled delta or JSON Patch input, allowing special property paths such as __proto__ or constructor.prototype to reach and modify Object.prototype.

LOW Gist CVE published 2026-05-16

CVE-2026-8656

CVE-2026-8656 describes a cross-site scripting issue in jsondiffpatch versions before 0.7.6. When an application compares untrusted JSON or object data and renders the annotated formatter output into the DOM, improperly sanitized JSON values or property names can be interpreted as HTML by the browser. The result is a client-side XSS risk in any workflow that displays diff output to users.

MEDIUM Gist CVE published 2026-05-10

CVE-2026-8244

CVE-2026-8244 describes an improper authentication issue in Industrial Application Software IAS Canias ERP 8.03 affecting the Login RMI Interface. According to the supplied source record, manipulating the clientVersion argument can lead to authentication bypass behavior, and the issue is remotely reachable. The CVE is rated medium severity (CVSS 5.5), and the source record also notes that a public exploit [truncated]

LOW Gist CVE published 2026-05-10

CVE-2026-8242

CVE-2026-8242 describes a remotely reachable response-discrepancy issue in the doAction function of the Login RMI Interface in IAS Canias ERP 8.03. The CVE was published on 2026-05-10 and is rated low severity (CVSS 2.9). Defenders should still pay attention: the issue is public, and although exploitation is cited as difficult, the discrepancy can still aid targeted probing.

MEDIUM Gist CVE published 2026-05-10

CVE-2026-8241

CVE-2026-8241 describes an improper-authorization issue in the iasGetServerInfoEvent function of the RMI Interface in Industrial Application Software IAS Canias ERP 8.03. The source record says the attack can be executed remotely and that a public exploit disclosure exists. NVD classifies the issue as Medium severity (CVSS 5.5).