Lucene search
K

9803 matches found

Vulnrichment
Vulnrichment
added 2026/05/16 5:0 a.m.7 views

CVE-2026-8656

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting XSS via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM,...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References3
CVE
CVE
added 2026/05/16 5:0 a.m.17 views

CVE-2026-8656

CVE-2026-8656 affects jsondiffpatch versions before 0.7.6. The vulnerability is Cross-site Scripting (XSS) via the annotated formatter caused by improper sanitization of JSON values and property names. When an application renders annotated formatter output in the DOM from untrusted JSON/object da...

6.1CVSS5.8AI score0.00191EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/16 12:0 a.m.9 views

SUSE SLES12 Security Update : MozillaFirefox (SUSE-SU-2026:1830-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1830-1 advisory. This update for MozillaFirefox fixes the following issues Updated to Firefox Extended Support Release 140.10.2 ESR bsc1264378,MFSA 2026-41: -...

9.8CVSS5.9AI score0.00446EPSS
Exploits0References19
NVD
NVD
added 2026/05/15 10:16 p.m.12 views

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...

8.7CVSS0.00318EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 9:45 p.m.12 views

CVE-2026-44549

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the sheetjs function sheettohtml to embed an XSS payload into the generated...

7.3CVSS5.8AI score0.00318EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/15 2:3 p.m.9 views

OESA-2026-2351 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6AI score0.00446EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 2:3 p.m.7 views

OESA-2026-2350 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6AI score0.00446EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 2:3 p.m.10 views

OESA-2026-2349 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

9.8CVSS6AI score0.00446EPSS
Exploits0References4
OSV
OSV
added 2026/05/15 1:59 p.m.5 views

OESA-2026-2292 thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR 115.35.2, Thunderbird 150.0.2, and Thunderbird 140.10.2.CVE-2026-8090 Memory safety bu...

9.8CVSS6AI score0.00446EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/15 1:37 p.m.77 views

dvwa_xss_lab

DVWA XSS Lab Project Introduction This project creates a...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.8.0 had a cross-site scripting vulnerability. This vulnerability stemmed from the insecure preview of Excel file attachments. The specially crafted XLSX file paylo...

8.7CVSS5.7AI score0.00318EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted WebUI that is open source. Versions of Open WebUI prior to 0.9.3 had a cross-site scripting vulnerability. This vulnerability stemmed from the XLSX.utils.sheettohtml function, which was rendered using @html excelHtml without...

5.4CVSS5.6AI score0.00209EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.9 views

MiracleLinux 9 : thunderbird-140.10.0-1.el9_7.ML.1 (AXSA:2026-616:11)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2026-616:11 advisory. firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the...

9.8CVSS6.1AI score0.04938EPSS
Exploits1References26
Patchstack
Patchstack
added 2026/05/14 8:29 p.m.10 views

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

5.8AI score0.00319EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/14 8:29 p.m.7 views

GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.10 views

Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References4Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/14 8:22 p.m.11 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.7AI score0.00309EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 7:50 p.m.7 views

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

6.3CVSS5.7AI score0.00157EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 7:47 p.m.8 views

firefox: thunderbird: Mitigation bypass in the DOM: Security component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: Security component...

9.8CVSS5.7AI score0.00309EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/14 7:47 p.m.11 views

firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Spoofing issue in the DOM: Core & HTML component...

6.3CVSS5.7AI score0.00157EPSS
Exploits0References6
Rows per page
Query Builder