Lucene search
K

22 matches found

Cvelist
Cvelist
added last week32 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
CVE
CVE
added last week13 views

CVE-2026-58263

CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...

7.2CVSS5.7AI score0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 12:0 a.m.3 views

ALSA-2026:34109 Important: httpd security, bug fix, and enhancement update

The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fixes: httpd: incomplete fix for CVE-2023-38709 CVE-2024-42516 httpd: NULL pointer dereference via specially crafted request CVE-2026-29169 httpd: Apache HTTP Server: Heap-based Buffer...

9.8CVSS6.8AI score0.03914EPSS
Exploits0References16
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to...

6.5CVSS6.1AI score0.00242EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-13851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient validation of untrusted input in WebAppInstalls in Google Chrome on Android prior to 150.0.7871.47 allowed a local attacker to bypass discretionary...

9.1CVSS6AI score0.00289EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.14 views

PT-2026-43533

The WP AutoBuzz plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web script...

6.1CVSS5.7AI score0.00145EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/15 12:0 a.m.8 views

ApostropheCMS 安全漏洞

ApostropheCMS is a full-stack content management system open source by Apostrophe Technologies. Version 4.28.0 of ApostropheCMS has a security vulnerability. This vulnerability stems from the sanitize-html package’s ability to bypass the allowedTags enforcement mechanism, potentially leading to...

6.1CVSS5.6AI score0.00235EPSS
Exploits1References1
Snyk
Snyk
added 2026/02/19 8:44 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:pannellum is a lightweight, free, and open source panorama viewer for the web. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the attributes configuration property in hot spots. An attacker can execute arbitrary JavaScript code by supplyi...

6.1CVSS5.9AI score0.00319EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.7 views

MiracleLinux 9 : firefox-140.5.0-1.el9_7.ML.1 (AXSA:2025-11515:36)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-11515:36 advisory. firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefo...

8.8CVSS8.7AI score0.0041EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.5 views

RHEL 8 : firefox (RHSA-2025:22363)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:22363 advisory. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox:...

8.8CVSS6.2AI score0.0041EPSS
Exploits0References20
RedHat Linux
RedHat Linux
added 2025/12/01 2:40 a.m.5 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

8.8CVSS7.5AI score0.0041EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/12/01 2:39 a.m.5 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...

8.8CVSS7.5AI score0.0041EPSS
Exploits0References10
OSV
OSV
added 2025/11/21 9:1 a.m.8 views

RLSA-2025:21881 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

7.5CVSS6.7AI score0.0041EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2025/11/20 11:43 a.m.4 views

Important: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8CVSS7.5AI score0.0041EPSS
Exploits0References10
AlmaLinux
AlmaLinux
added 2025/11/13 12:0 a.m.8 views

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary...

8.8CVSS6.8AI score0.0041EPSS
Exploits0References20
FreeBSD
FreeBSD
added 2025/11/11 12:0 a.m.6 views

firefox -- Use-after-free

https://bugzilla.mozilla.org/showbug.cgi?id=1995686 reports: Use-after-free in the WebRTC: Audio/Video component. Same-origin policy bypass in the DOM: Workers component. Mitigation bypass in the DOM: Security component. Same-origin policy bypass in the DOM: Notifications component. Incorrect...

8.8CVSS6.6AI score0.0041EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2025/09/15 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-10201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Mojo in Google Chrome on Android, Linux, ChromeOS prior to 140.0.7339.127 allowed a remote attacker to bypass site isolation via...

8.8CVSS5.9AI score0.00258EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-6074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML...

8.8CVSS8AI score0.01521EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/15 12:0 a.m.6 views

PT-2022-21448 · Unknown · Lansweeper

Name of the Vulnerable Software and Affected Versions: Lansweeper version 10.1.1.0 Description: A cross-site scripting xss sanitization vulnerability bypass exists in the SanitizeHtml functionality. This allows an attacker to send a specially-crafted HTTP request, leading to arbitrary Javascript...

9.1CVSS7.5AI score0.01125EPSS
Exploits1References4
OSV
OSV
added 2021/09/09 10:15 p.m.2 views

UBUNTU-CVE-2021-39201

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Impact The issue allows an authenticated but low-privileged user like contributor/author to execute XSS in the editor. This bypasses the restrictions imposed on users who do n...

7.6CVSS6.5AI score0.01615EPSS
Exploits0References4
Rows per page
Query Builder