CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedHat Linux•added 2026/05/20 10:8 a.m.•8 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service DoS via an integer overflow in GLib's GIO GLib Input/Output escapebytestring function when processing malicious file or remote filesystem attribute values...

6.5CVSS6.7AI score0.00042EPSS

RedHat Linux•added 2026/05/20 1:59 a.m.•4 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

6.5CVSS6.7AI score0.00042EPSS

Positive Technologies•added 2026/05/20 12:0 a.m.•5 views

PT-2026-42179

Code Injection vulnerability in phenixdigital phoenix storybook allows unauthenticated remote code execution via unsanitized attribute value interpolation in HEEx template generation. The psb-assign WebSocket event handler in 'Elixir.PhoenixStorybook.Story.PlaygroundPreviewLive':handle event/3...

9.5CVSS6.6AI score0.00406EPSS

Cvelist•added 2026/05/13 3:24 p.m.•23 views

CVE-2026-44665 fast-xml-builder: Attribute values with unwanted quotes can bypass malicious or unwanted attributes

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.0001EPSS

RedHat Linux•added 2026/05/11 12:1 p.m.•5 views

glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow

6.5CVSS6.7AI score0.00042EPSS

Snyk•added 2026/04/01 12:5 a.m.•1 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection through the escapeNodeAttributeValues process. An attacker can execute arbitrary operating system commands by crafting a malicious .sy.zip file containing specially formatted block attribute values, which, when...

9.3CVSS6.2AI score0.00078EPSS

Exploits1References3

OSV•added 2026/03/30 5:20 p.m.•2 views

GHSA-W7RV-GFP4-J9J3 Slippers Vulnerable to Cross-Site Scripting (XSS) in `attrs` Template Tag

Summary A Cross-site Scripting XSS vulnerability exists in the % attrs % template tag of the slippers Django package. When a context variable containing untrusted data is passed to % attrs %, the value is interpolated into an HTML attribute string without escaping, allowing an attacker to break o...

6.1CVSS6AI score0.00045EPSS

Exploits1References5

Positive Technologies•added 2026/03/19 12:0 a.m.•7 views

PT-2026-26477

Name of the Vulnerable Software and Affected Versions DiceBear versions prior to 5.4.4 DiceBear versions 6.1.4 and earlier DiceBear versions 7.1.4 and earlier DiceBear versions 8.0.3 and earlier DiceBear versions 9.4.1 and earlier Description The software does not properly escape SVG attribute...

4.7CVSS5.8AI score0.00013EPSS

Exploits0References4

Snyk•added 2026/02/24 1:30 a.m.•1 views

Stack-based Buffer Overflow

Overview Magick.NET-Q16-HDRI-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this...

9.8CVSS5.6AI score0.00064EPSS

Snyk•added 2026/02/24 1:30 a.m.•2 views

Stack-based Buffer Overflow

Overview Magick.NET-Q16-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

9.8CVSS5.6AI score0.00064EPSS

RedhatCVE•added 2026/01/09 10:18 a.m.•7 views

CVE-2019-18857

darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript :alert substring...

7.5CVSS6.8AI score0.00344EPSS

Github Security Blog•added 2025/11/13 10:59 p.m.•2 views

Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description Impact The prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute...

5.9AI score

Exploits0References6Affected Software1

OSV•added 2025/11/13 10:59 p.m.•3 views

GHSA-4249-GJR8-JPQ3 Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values

8.7CVSS5.9AI score

Exploits0References6

RedhatCVE•added 2025/11/11 10:44 p.m.•1 views

CVE-2025-64501

ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirrortohtml gem is vulnerable to Cross-Site Scripting XSS attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...

7.6CVSS5.7AI score0.00027EPSS

NVD•added 2025/11/10 10:15 p.m.•1 views

CVE-2025-64501

7.6CVSS0.00027EPSS

EUVD•added 2025/11/10 9:37 p.m.•2 views

EUVD-2025-50824

7.6CVSS5.4AI score0.00027EPSS

OSV•added 2025/11/10 9:37 p.m.•1 views

CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values

7.6CVSS5.7AI score0.00027EPSS

Exploits0References4

CVE•added 2025/11/10 9:37 p.m.•4 views

CVE-2025-64501

Summary: CVE-2025-64501 affects the ProsemirrorToHtml gem used to convert ProseMirror JSON to HTML. In versions 0.2.0 and earlier, it is vulnerable to Cross-Site Scripting (XSS) through malicious HTML attribute values because attribute values aren’t escaped, while tag content is. Impact applies t...

7.6CVSS5.5AI score0.00027EPSS