Lucene search
K

94 matches found

Cvelist
Cvelist
added 2026/04/24 2:57 a.m.36 views

CVE-2026-41318 AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..."...

5.4CVSS0.00195EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2026/04/22 8:19 p.m.8 views

2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +4860 more potentially affected by CVE-2026-41674 via @xmldom/xmldom (>=0.7.0 <=0.8.12)

@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =0.1.3, =1.0.4, =1.0.0, =1.2.13 and more Source cves: CVE-2026-41674 Source advisory: SNYK:JS-XMLDOMXMLDOM-16134549...

8.7CVSS5.7AI score0.00457EPSS
Exploits0
AlpineLinux
AlpineLinux
added 2026/04/21 12:40 p.m.3 views

CVE-2026-6746

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10...

7.5CVSS5.8AI score0.00586EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2026/04/17 9:0 p.m.8 views

2c2p-integration (>=0.2.0 <=0.2.2), 4help-shared (>=1.0.8 <=1.0.15) +4860 more potentially affected by CVE-2026-41672 via @xmldom/xmldom (>=0.7.0 <=0.8.12)

@xmldom/xmldom NPM version =0.7.0, =0.2.0, =1.0.8, =0.1.3, =0.0.7, =0.3.31, =0.1.3, =1.0.4, =1.0.0, =1.2.13 and more Source cves: CVE-2026-41672 Source advisory: SNYK:JS-XMLDOMXMLDOM-16133132...

8.7CVSS5.7AI score0.00365EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/03/09 2:6 a.m.6 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

10CVSS6AI score0.00604EPSS
Exploits0References39
Rockylinux
Rockylinux
added 2026/03/03 9:6 a.m.7 views

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

10CVSS6.1AI score0.00604EPSS
Exploits0
Rockylinux
Rockylinux
added 2026/02/26 8:43 p.m.8 views

firefox security update

An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards...

10CVSS6AI score0.00604EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/02/25 12:26 a.m.5 views

SUSE CVE-2026-2799

Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148...

8.8CVSS5.8AI score0.00321EPSS
Exploits0References3
OSV
OSV
added 2026/02/24 2:16 p.m.6 views

UBUNTU-CVE-2026-2784

Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS7.3AI score0.0043EPSS
Exploits0References9
EUVD
EUVD
added 2026/02/24 1:33 p.m.6 views

EUVD-2026-8450

Use-after-free in the DOM: Core & HTML component. This vulnerability affects Firefox 148...

8.8CVSS5.3AI score0.00248EPSS
Exploits0References2
CVE
CVE
added 2026/02/24 1:33 p.m.26 views

CVE-2026-2798

CVE-2026-2798 is a use-after-free in the DOM: Core & HTML components affecting Firefox and Thunderbird. It was fixed in Firefox 148 and Thunderbird 148. Public exploits exist. Remediation: update to the latest Firefox/Thunderbird versions (148+).

8.8CVSS5.8AI score0.00248EPSS
Exploits0References6Affected Software2
EUVD
EUVD
added 2026/02/24 1:33 p.m.4 views

EUVD-2026-8495

Mitigation bypass in the DOM: HTML Parser component. This vulnerability affects Firefox 148, Firefox ESR 115.33, and Firefox ESR 140.8...

5.3AI score0.00552EPSS
Exploits0References4
OSV
OSV
added 2026/01/15 4:33 p.m.4 views

SUSE-SU-2026:20086-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR bsc1256340. - MFSA 2026-03 bsc1256340 CVE-2026-0877: Mitigation bypass in the DOM: Security component CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphic...

9.8CVSS5.8AI score0.0057EPSS
Exploits0References15
OSV
OSV
added 2026/01/13 2:16 p.m.10 views

CVE-2026-0877

Mitigation bypass in the DOM: Security component. This vulnerability affects Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...

8.1CVSS7.4AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/01/09 8:57 a.m.5 views

CVE-2023-4981

Cross-site Scripting XSS - DOM in GitHub repository librenms/librenms prior to 23.9.0...

8.8CVSS6.1AI score0.00565EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/12/24 12:0 a.m.4 views

TencentOS Server 4: python3.11 (TSSA-2025:0968)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0968 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

7.5CVSS7.3AI score0.01525EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/12/08 12:0 a.m.5 views

RHEL 8 : thunderbird (RHSA-2025:22791)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22791 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component...

8.8CVSS6.2AI score0.0041EPSS
Exploits0References20
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

RHEL 7 : firefox (RHSA-2025:22371)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22371 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

8.8CVSS6.2AI score0.0041EPSS
Exploits0References20
Veracode
Veracode
added 2025/12/02 10:21 a.m.7 views

Prototype Pollution

happy-dom is vulnerable to Prototype Pollution. The vulnerability is due to untrusted JavaScript running in the same isolate as the main application despite the --disallow-code-generation-from-strings flag, which allows an attacker to deploy prototype-pollution payloads to hijack critical...

9.4CVSS7AI score0.00318EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2025/12/01 6:58 p.m.3 views

firefox: thunderbird: Mitigation bypass in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Core & HTML component...

6.1CVSS5.7AI score0.00175EPSS
Exploits0References5
Rows per page
Query Builder