CVE-2026-2336

creationtimestamp| type| source ---|---|--- 2026-04-16 21:23:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mjndtefhf72q 2026-04-17 05:18:08+00:00| published-proof-of-concept| Telegram/MfRD7ll8pGcGi3RGemlsgII30sQ-Y2l5bpdSqMK2BdYlKE...

MAL-2026-2336 Malicious code in cdnjavacss (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1fb57ffd656f0a20fd4da4f7364cf96e67191700bda0682462b0ea9c68de1bb1 The package cdnjavacss was found to contain malicious code...

EUVD-2026-2336

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...

CVE-2019-2336

Subsequent use of the CBO listener may result in further memory corruption due to use after free issue. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure...

EUVD-2014-2668

Malware in sbrugna...

net.aequologica.neo:geppaequo-tags (>=0.5.3 <=0.6.0), net.aequologica.neo:geppaequo-web (>=0.5.3 <=0.6.0) +4 more potentially affected by CVE-2025-2336 via org.webjars.npm:angular-sanitize (>=1.5.0-beta.0 <=1.8.3)

org.webjars.npm:angular-sanitize MAVEN version =1.5.0-beta.0, =0.5.3, =0.5.3, =0.6.0 - org.webjars.npm:angular-auto-complete =1.7.4 - org.webjars.npm:angular-material-calendar =0.2.14 - org.webjars.npm:angular-schema-form =0.8.13 - org.webjars.npm:github-com-showdownjs-ng-showdown =1.1.0 Source...

com.github.grantlittle:bdd-reporting-server (>=0.1.5 <=0.1.7), com.github.grantlittle:bdd-reporting-service (=0.1.9) +59 more potentially affected by CVE-2025-2336 via org.webjars.bower:angular-sanitize (>=1.2.29 <=1.8.2)

org.webjars.bower:angular-sanitize MAVEN version =1.2.29, =0.1.5, =0.5.0, =0.5.0, =0.5.1, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.0, =0.5.1 and more Source cves: CVE-2025-2336 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-10337226...

40au-isteven-angular-multiselect (=4.0.0), @0negativ/hawtio-integration (>=4.13.7-rc4 <=4.13.7-rc5) +500 more potentially affected by CVE-2025-2336 via angular-sanitize (>=1.3.11 <=1.8.3)

angular-sanitize NPM version =1.3.11, =4.13.7-rc4, =0.0.1, =0.0.1, =0.1.0, =2.0.0, =0.3.2, =0.2.7, =1.0.0, =1.0.0, =0.2.1, =0.0.1, =1.0.0, =3.0.2, =4.16.5 and more Source cves: CVE-2025-2336 Source advisory: OSV:GHSA-4P4W-6HG8-63WX...

CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

CVE-2025-2336

CVE-2025-2336 concerns AngularJS ngSanitize: an improper sanitization flaw allows bypassing image source restrictions via the href and xlink:href attributes in SVG elements. The root cause is inadequate sanitization, which can lead to Content Spoofing and potentially degrade application performa...

CVE-2025-2336

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

CVE-2025-2336 AngularJS improper sanitization in SVG '<image>' element with 'ngSanitize'

Improper sanitization of the value of the 'href' and 'xlink:href' attributes in '' SVG elements in AngularJS's 'ngSanitize' module allows attackers to bypass common image source restrictions. This can lead to a form of Content Spoofing https://owasp.org/www-community/attacks/ContentSpoofing and...

CVE-2023-2336

Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21...

CVE-2010-2336

index.php in Yamamah Photo Gallery 1.00 allows remote attackers to obtain the source code of executable files within the web document root via the download parameter...

WordPress Popup Maker Plugin < 1.18.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:code-atlantic:popupmaker"; ifdescription...

CVE-2024-2336

The Popup Maker – Popup for opt-ins, lead gen, & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-2336

CVE-2024-2336 affects the WordPress plugin Popup Maker – Popup for opt-ins, lead gen, & more. All versions up to 1.18.2 are vulnerable to Stored Cross‑Site Scripting via shortcode attributes due to insufficient input sanitization/output escaping. Exploitation requires contributor‑level privileges...

WordPress Popup Maker Plugin <= 1.18.2 is vulnerable to Cross Site Scripting (XSS)

Software Popup Maker Type Plugin Vulnerable versions = 1.18.2 Fixed in 1.18.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2336 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID f2e61eb496fe Credits Tim Coen Required privileg...