CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

CVE-2026-54298

Astro, prior to 6.4.6, is vulnerable to XSS via unescaped attribute names when spreading props onto HTML elements. The spreadAttributes path iterates over object keys and passes them to addAttribute, which interpolates the key into the HTML output without escaping, allowing attackers to inject ev...

CVE-2026-54298

Astro is a web framework. Prior to 6.4.6, the spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props ...

Astro: XSS via Unescaped Attribute Names in Spread Props

Summary The spreadAttributes function in Astro's server-side rendering pipeline iterates over object keys and passes them directly to addAttribute, which interpolates the key into the HTML output without escaping. When a developer uses the spread syntax ...props on an HTML element and the object...

PT-2026-49739

Name of the Vulnerable Software and Affected Versions Astro versions prior to 6.4.6 Description The spreadAttributes function in the server-side rendering pipeline iterates over object keys and passes them to the addAttribute function, which interpolates the key into the HTML output without...

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

CVE-2026-46625 JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attribute injection

JavaScript Cookie is a JavaScript API for handling cookies, client-side. Prior to version 3.0.7, js-cookie's internal assign helper copies properties with for...in + plain assignment. When the source object is produced by JSON.parse, the JSON object's "proto" member is an own enumerable property,...

CVE-2026-47901

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

EUVD-2026-35438

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

PT-2026-47800

Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Due to a disabled Content Security Policy CSP, this allows a malicious plugin to execute arbitrary...

CVE-2026-46490

CVE-2026-46490 affects samlify (Node.js) prior to v2.13.0. The issue: template substitution only escapes attribute contexts; values placed in element text (e.g., saml:AttributeValue ) aren’t escaped. An attacker can inject XML markup into attribute values (e.g., email, name) and insert new saml:A...

RHEL 7 : python-tornado (RHSA-2026:24342)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24342 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

CVE-2026-44897

A flaw was found in Mistune, a Python Markdown parser. A remote attacker could exploit this vulnerability by providing specially crafted input to the HTMLRenderer.heading function. This input, containing a double-quote character in the HTML heading's ID attribute, is not properly sanitized,...

CVE-2026-40565

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's linkify function in app/Misc/Helper.php converts plain-text URLs in email bodies into HTML anchor tags without escaping double-quote characters " in the URL. HTMLPurifier called first via...

CVE-2026-8245

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL field into href="" . Any authenticated admin or report viewer with access to...

PT-2026-46844

Summary The serialize function in hono/cookie validates domain and path options against characters that corrupt Set-Cookie header syntax ;, r, , but does not apply the same validation to sameSite and priority. An application that passes user-controlled input into either option may produce a...

EUVD-2026-33254

The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'carouseldirection' parameter of the Carousel Anything widget in versions up to, and including, 6.4.15 This is due to insufficient output escaping in the render function, where the...

RockyLinux 10 : python-tornado (RLSA-2026:19034)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19034 advisory. tornado-python: Tornado: Denial of Service via large multipart bodies CVE-2026-31958 tornado: Tornado: Cookie attribute injection due to improper...

Linux Distros Unpatched Vulnerability : CVE-2026-44896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and earlier, in src/mistune/directives/image.py, the renderfigure function concatenates...

PYSEC-2026-168

Mistune is a Python Markdown parser with renderers and plugins. In 3.2.0 and realier, in src/mistune/directives/image.py, the renderfigure function concatenates figclass and figwidth options directly into HTML attributes without escaping. This allows attribute injection and XSS even when...