CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4 matches found

CVE•added 2026/03/18 1:19 a.m.•10 views

CVE-2026-28499

LeafKit (Vapor) prior to version 1.14.2 has an HTML escaping flaw when rendering collection values (Array/Dictionary) via #(value), which can cause XSS by unescaped output. The issue is fixed in LeafKit 1.14.2. Affected tooling references include CVE-2026-28499 and related advisories (NVD, Red Ha...

6.9CVSS5.7AI score0.00017EPSS

Exploits1References3Affected Software1

OSV•added 2026/03/16 4:22 p.m.•3 views

GHSA-6JJ5-J4J8-8473 LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

Summary LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Details LeafKit attempts to escape expressions during serialization, but due to...

6.9CVSS5.6AI score0.00017EPSS

Exploits1References5

GitLab Advisory Database•added 2026/03/16 12:0 a.m.•4 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00017EPSS

Exploits1References5Affected Software1

GitLab Advisory Database•added 2026/03/16 12:0 a.m.•5 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

6.9CVSS5.7AI score0.00017EPSS

Exploits1References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by