Lucene search
K

59320 matches found

EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-42478

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-15132

Uninitialized Use in V8 in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.3AI score
Exploits0References3Affected Software1
CVE
CVE
added yesterday3 views

CVE-2026-55596

Plate is a rich-text editor (with AI and shadcn/ui). Affects versions 53.0.0 through 53.1.4 where the media embed renderer trusts serialized provider or sourceUrl metadata in useMediaState and skips parseMediaUrl protocol validation. This allows a crafted Plate document to set a known video provi...

8.7CVSS6AI score
Exploits0References4
NVD
NVD
added yesterday7 views

CVE-2026-59892

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS
Exploits0References3
NVD
NVD
added yesterday6 views

CVE-2026-57439

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS
Exploits0References5
CVE
CVE
added yesterday13 views

CVE-2026-59923

CVE-2026-59923 affects Mistune, a Python Markdown parser. Before 3.3.0, HTMLRenderer.safe_url() does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. The issue is fixed in version 3.3.0. E...

6.1CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday9 views

CVE-2026-59923 Mistune: XSS via percent-encoded javascript URI bypass in safe_url()

Mistune is a Python Markdown parser with renderers and plugins. Prior to 3.3.0, HTMLRenderer.safeurl does not block percent-encoded javascript URIs, allowing attacker-supplied Markdown links or images to bypass URL protections and execute script in rendered HTML. This issue is fixed in version...

6.1CVSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-59892

Summary: OpenTelemetry JavaScript’s JaegerPropagator (via @opentelemetry/propagator-jaeger) decodes uber-trace-id and uberctx-* headers with decodeURIComponent() without handling decode errors prior to 2.9.0, enabling an unauthenticated attacker to send a malformed percent-encoded value that resu...

7.5CVSS6AI score
Exploits0References3
EUVD
EUVD
added yesterday5 views

EUVD-2026-42324

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS6AI score
Exploits0References3
Cvelist
Cvelist
added yesterday11 views

CVE-2026-59892 OpenTelemetry JavaScript: Denial of service in `JaegerPropagator` via unhandled exception on a malformed header

OpenTelemetry JavaScript is the OpenTelemetry JavaScript client. Prior to 2.9.0, @opentelemetry/propagator-jaeger decodes incoming uber-trace-id and uberctx- HTTP header values with decodeURIComponent without handling decode errors, allowing an unauthenticated remote attacker to send a malformed...

7.5CVSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-59870

js-yaml (JavaScript YAML parser) is affected from 5.0.0 up to before 5.2.1. The YAML11_SCHEMA !!omap handling in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents...

5.3CVSS6AI score
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-57439

CyberChef’s CVE-2026-57439 affects the Series Chart operation prior to version 11.2.0. The vulnerability arises when parsing user-supplied CSV, where proto can be used as a key, enabling prototype pollution. This can be chained with other operations (e.g., Parse UDP) to inject malicious JavaScrip...

5CVSS5.9AI score
Exploits0References5
Cvelist
Cvelist
added yesterday10 views

CVE-2026-57439 CyberChef: Prototype pollution in Series Chart operation

CyberChef is a web app for encryption, encoding, compression, and data analysis. Prior to 11.2.0, the Series Chart operation accepts proto as a key while parsing user-supplied CSV, allowing prototype pollution that can be chained with operations such as Parse UDP to inject malicious JavaScript in...

5CVSS
Exploits0References5
NVD
NVD
added yesterday6 views

CVE-2026-56359

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth...

5.4CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-42257

n8n before 2.8.0 contains a cross-site scripting vulnerability in the credential management flow where authenticated users can inject malicious JavaScript URLs into OAuth2 credential Authorization URL fields. Attackers can craft malicious credentials and trick victims into clicking the OAuth...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added yesterday5 views

CVE-2026-57256

When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added yesterday9 views

CVE-2026-57250

When the application opens a PDF and JavaScript resets the form fields, the script re-enters the interface. The underlying native object is damaged, but the application does not perform validation. The function call on the damaged object leads to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-57241

The application opens the PDF, and JavaScript performs operations on the page and the document, causing the page-related objects within the application to lose synchronization; however, the renderer still trusts the outdated page count, and eventually the application crashes due to out-of-bounds...

6.1CVSS0.00107EPSS
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57242

The application opens the PDF, and JavaScript modifies the form. However, the related objects on the page lack complete lifecycle management and null value validation; when the page state changes, the application continuously dereferences invalid objects, eventually leading to a crash...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-57244

After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
Rows per page
Query Builder