Lucene search
K

16925 matches found

EUVD
EUVD
added 6 days ago7 views

EUVD-2026-40520

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00297EPSS
Exploits0References3
Debian CVE
Debian CVE
added last week5 views

CVE-2026-13883

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00306EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.5 views

PT-2026-54089

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...

9.6CVSS6.2AI score0.00413EPSS
Exploits0References439
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 4:33 a.m.25 views

CVE-2026-10712

GitLab CVE-2026-10712 affects GitLab CE/EE with versions 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. The issue is described as improper path validation that could, under certain conditions, allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser ses...

8CVSS6.1AI score0.00222EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/24 9:16 p.m.5 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS0.00429EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:17 p.m.5 views

DEBIAN-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38435

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References2
Circl
Circl
added 2026/06/19 8:37 p.m.9 views

CVE-2008-6557

creationtimestamp| type| source ---|---|--- 2026-06-19 20:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moo72rsqmo2a...

10CVSS5.8AI score0.0317EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox and Thunderbird

If a document creates a sandboxed iframe without allow-scripts, and then appends an element to the iframe’s document that has a JavaScript event handler—the event handler will still be executed despite the iframe being in a sandbox. This vulnerability affects Firefox versions earlier than 97,...

9.6CVSS6.7AI score0.00743EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Due to a sequence of events controlled by the attacker, a JavaScript alert dialog with arbitrary although unstyled contents could be displayed over an uncontrolled web page of the attacker’s choice. This vulnerability affects Firefox 94, Thunderbird 91.3, and Firefox ESR 91.3...

4.3CVSS6.3AI score0.01622EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Firefox

A compromised web child process could disable web security opening restrictions, resulting in a new child process being spawned within the file:// context. With a reliable exploit primitive, this new process could be exploited again, leading to arbitrary file reading. This vulnerability affects...

6.5CVSS7AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.37 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50788

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 26.3.1-1.1 Description Security issues were identified in Node.js that could compromise server infrastructure. Recommendations Update to version 26.3.1-1.1...

7.5CVSS6.7AI score0.02445EPSS
Exploits0References154
Github Security Blog
Github Security Blog
added 2026/06/17 6:41 p.m.12 views

Filament: Disabled RichEditor field state can be used for XSS

In Filament v3, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the...

7.6CVSS5.2AI score0.00168EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...

4.2CVSS6AI score0.00153EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.68 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/12 8:50 p.m.7 views

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/06/12 2:44 a.m.66 views

websec-skills

websec-skills Web Security Vulnerability Testing Skills Set,...

5.5AI score
Exploits0
OSV
OSV
added 2026/06/10 7:12 p.m.6 views

GHSA-542P-WVX7-72M4 Litestar has HTML Injection Through its CSRF Token

Overview Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross Site Scripting due to the contents of the CSRF cookie being excluded from automatic escaping by the template engine when configured inline...

8.1CVSS5.5AI score0.0003EPSS
Exploits0References3
Rows per page
Query Builder