
9 matches found

Tenable Nessus
added yesterday, 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-11998

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution...

CVSS 7.6, AI score 6.1, EPSS 0.00338
Exploits: 0, References: 3
RedhatCVE
added 2 days ago, 9 views

CVE-2026-11998

A flaw was found in AngularJS. The Strict Contextual Escaping SCE logic, designed to ensure only trusted values are used in security-sensitive contexts like resource URLs, can be bypassed. This bypass allows an attacker to use unsafe values as resource URLs, leading to arbitrary JavaScript...

CVSS 7.6, AI score 5.9, EPSS 0.00338
Exploits: 0, References: 5
NVD
added last week, 9 views

CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6, EPSS 0.00338
Exploits: 0, References: 6
OSV
added last week, 2 views

UBUNTU-CVE-2026-11998

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6, AI score 6, EPSS 0.00338
Exploits: 0, References: 4
Cvelist
added last week, 16 views

CVE-2026-11998 AngularJS XSS via SCE resource URL sanitization bypass

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6, EPSS 0.00338
Exploits: 0, References: 2
EUVD
added last week, 6 views

EUVD-2026-39080

A flaw in AngularJS' Strict Contextual Escaping SCE logic allows bypassing certain SCE policies for resource URLs and can lead to arbitrary JavaScript execution within the context of the victim's browser session. SCE's purpose is to ensure that only trusted or safe values are used in certain...

CVSS 7.6, AI score 6.1, EPSS 0.00338
Exploits: 0, References: 2
Positive Technologies
added 2026/06/24 12:0 a.m., 7 views

PT-2026-52086

Name of the Vulnerable Software and Affected Versions: AngularJS versions 1.2.0-rc.3 and later. Description: A flaw in the Strict Contextual Escaping SCE logic allows the bypass of policies for resource URLs, which can lead to arbitrary JavaScript execution in the victim's browser session. SCE is...

CVSS 7.6, AI score 6, EPSS 0.00338
Exploits: 0, References: 6
Github Security Blog
added 2026/04/08 7:21 p.m., 12 views

PraisonAI has Template Injection in Agent Tool Definitions

Summary: Direct insertion of unescaped user input into template-rendering tools allows arbitrary code execution via specially crafted agent instructions. Details: The createagentcentrictools function returns tools like acpcreatefile that process file content using template rendering. When user inpu...

CVSS 8.8, AI score 6.6, EPSS 0.00558
Exploits: 1, References: 4, Affected Software: 1
RedHat Linux
added 2024/06/20 12:39 p.m., 2 views

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

CVSS 5.4, AI score 7.2, EPSS 0.00795
Exploits: 0, References: 8