CVE-2026-27639 Mercator — Account Takeover via Stored XSSCVE-2026-27639 Stored XSS to admin account takeover in Mercator February 21, 2026 • 994 words • 5 mincve xss account-takeover
Because reading JSON at 2 a.m. is a no-go.From Sarif to TODOLIST February 20, 2026 • 599 words • 3 mintools research