Lucene search
K

427 matches found

CVE
CVE
added 2026/05/28 12:16 p.m.25 views

CVE-2026-9818

CVE-2026-9818 is rejected/not used; this entry does not represent an active vulnerability.

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-27136

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/26 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-42506

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications...

6.1CVSS6.2AI score0.00188EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.13 views

CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

0.00178EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 3:1 p.m.96 views

CVE-2026-42502

Summary of CVE-2026-42502 : The vulnerability concerns the Go project’s HTML parsing in the package golang.org/x/net/html. The root cause is an incorrect handling of HTML elements in foreign content during parsing, which can produce an unexpected HTML tree when rendering with Render. This behavio...

6.1CVSS6AI score0.00178EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.8 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go. This vulnerability arises from parsing arbitrary HTML and using Render for rendering, which may lead ...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Concrete CMS 跨站脚本漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site scripting vulnerability. This vulnerability occurred due to the OAuth integration name being rendered using the t translation assistant. As a result, the...

7.3CVSS5.7AI score0.00181EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 2:19 a.m.13 views

EUVD-2026-31048

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML...

7.4CVSS5.6AI score0.0032EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 2:19 a.m.19 views

CVE-2026-7460

CVE-2026-7460 affects mailcow-dockerized (2026-03b) and describes a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and render...

7.4CVSS5.6AI score0.0032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/20 12:0 a.m.17 views

PT-2026-42099

Name of the Vulnerable Software and Affected Versions mailcow-dockerized version 2026-03b Description A stored cross-site scripting issue exists in the administrator Queue Manager. The Queue Manager retrieves mail queue entries from the endpoint '/api/v1/get/mailq/all' and copies server-controlle...

7.4CVSS5.8AI score0.0032EPSS
Exploits0References6
CVE
CVE
added 2026/05/19 9:18 p.m.17 views

CVE-2026-34246

CtrlPanel CVE-2026-34246 affects versions 1.1.1 and earlier. The vulnerability is a Stored XSS in the admin role management interface where datatable() inserts $role->name and $role->color directly into HTML and a .rawColumns(['actions','name']) setting disables automatic escaping. An admin...

4.8CVSS5.8AI score0.00216EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 7:16 p.m.11 views

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

6.1CVSS0.00186EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 6:40 p.m.7 views

CVE-2026-45231

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

6.1CVSS5.9AI score0.00186EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/18 6:40 p.m.9 views

CVE-2026-45231 DumbAssets 1.0.11 Stored Cross-Site Scripting via Asset Fields

DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...

6.1CVSS5.9AI score0.00186EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41718

Name of the Vulnerable Software and Affected Versions DumbAssets versions 1.0 through 1.0.11 Description A stored cross-site scripting issue exists in asset fields, specifically name, description, modelNumber, serialNumber, and tags. These fields are stored without server-side sanitization and...

6.1CVSS5.9AI score0.00186EPSS
Exploits0References5
Veracode
Veracode
added 2026/05/16 5:27 a.m.13 views

Cross-site Scripting (XSS)

FileBrowser Quantum is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper escaping of user-controlled share metadata fields when rendered in HTML using text/template, which allows an attacker to inject and execute malicious scripts when users visit a shared URL...

8.9CVSS7.3AI score0.00347EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/05/15 9:21 p.m.66 views

CVE-2026-45303 Open WebUI: Stored XSS via the HTML renedering view

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

7.7CVSS0.00217EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/15 9:21 p.m.11 views

CVE-2026-45303 Open WebUI: Stored XSS via the HTML renedering view

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

7.7CVSS5.9AI score0.00217EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/15 9:21 p.m.19 views

EUVD-2026-30654

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.6.5, through the HTML rendering view, scripts can be injected and executed. The frontend provides a function to visualize the HTML content of a current chat. The content is embedded in an...

7.7CVSS5.9AI score0.00217EPSS
Exploits1References1
CVE
CVE
added 2026/05/15 9:21 p.m.21 views

CVE-2026-45303

Open WebUI vulnerability CVE-2026-45303: Stored XSS via the HTML rendering view affects Open WebUI prior to 0.6.5. The frontend renders chat HTML inside an iframe with sandbox=

7.7CVSS5.9AI score0.00217EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder