Lucene search
K

128 matches found

EUVD
EUVD
added 2026/07/02 7:44 p.m.9 views

EUVD-2026-41433

Forgejo before 15.0.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to execute arbitrary JavaScript in other users' browsers by setting a full name containing an HTML payload and triggering an Actions run. When the DEFAULTSHOWFULLNAME option is enabled,...

5.4CVSS6AI score0.00199EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.12 views

PT-2026-55302

Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 15.0.3 Description Authenticated attackers can execute arbitrary JavaScript in the browsers of other users. This occurs when the DEFAULT SHOW FULL NAME option is enabled and an attacker sets a full name containing an...

5.4CVSS6.3AI score0.00199EPSS
Exploits0References10
EUVD
EUVD
added 2026/07/01 11:28 a.m.10 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 11:28 a.m.6 views

CVE-2026-13323

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score0.0019EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.9 views

PT-2026-54628

Name of the Vulnerable Software and Affected Versions Open VSX Registry versions prior to 1.0.2 Description The '/vscode/unpkg/' endpoint serves user-supplied HTML files with a text/html Content-Type and lacks a Content-Security-Policy or Content-Disposition: attachment response header. This allo...

8.7CVSS5.9AI score0.0019EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:25 p.m.6 views

CVE-2026-52807

Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...

4.8CVSS5.9AI score0.00483EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2026/06/22 7:56 p.m.32 views

CVE-2026-44727

Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/06/21 1:27 p.m.35 views

CVE-2026-56395 SiYuan - Remote Code Execution via Malicious Bazaar Package Metadata and README

SiYuan before v3.6.1 fails to sanitize package metadata and README content in the Bazaar marketplace, allowing malicious package authors to inject arbitrary HTML and JavaScript. Attackers can achieve remote code execution on any user browsing the Bazaar by embedding XSS payloads in package...

9.6CVSS0.00391EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.11 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS5.9AI score0.00204EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS5.8AI score0.00336EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 12:31 p.m.26 views

CVE-2026-41552

PDF Export Module used in DHTMLX’s Gantt and Scheduler is vulnerable to path traversal due to insufficient HTML sanitization. An unauthenticated user could craft a payload that references local server files and renders them in the generated PDF. The issue is fixed in PDF Export Module version 0.7...

9.2CVSS5.8AI score0.00497EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/14 2:51 p.m.7 views

CVE-2026-44482

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/14 2:51 p.m.13 views

EUVD-2026-30300

soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local command execution on...

9.6CVSS6AI score0.00336EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/04/14 11:22 p.m.12 views

WWBN AVideo has Stored XSS via Unanchored Duration Regex in Video Encoder Receiver

Summary The isValidDuration regex at objects/video.php:918 uses /^0-91,2:0-91,2:0-91,2/ without a $ end anchor, allowing arbitrary HTML/JavaScript to be appended after a valid duration prefix. The crafted duration is stored in the database and rendered without HTML escaping via echo...

5.4CVSS6AI score0.00173EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/04/14 3:30 p.m.5 views

EUVD-2026-22276

A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to...

7.1CVSS6.1AI score0.002EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.3 views

CVE-2026-4344

A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read loc...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/14 1:56 p.m.4 views

CVE-2026-4345

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32645

A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting XSS vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context o...

7.1CVSS6.1AI score0.00204EPSS
Exploits0References6
NVD
NVD
added 2026/04/03 4:16 p.m.5 views

CVE-2026-35218

Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...

8.7CVSS0.0033EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:47 p.m.4 views

CVE-2026-35218

Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...

8.7CVSS5.8AI score0.0033EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder