
402 matches found

OSV
added 2026/05/06 8:59 p.m., 4 views

GHSA-X597-9FR4-5857 Hugo's Node tool execution allows file system access outside the project directory

Impact: When building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...

CVSS 8.6, AI score 5.8, EPSS 0.00274
Exploits: 0, References: 3

Github Security Blog
added 2026/05/06 8:59 p.m., 18 views

Hugo's Node tool execution allows file system access outside the project directory

Impact: When building a Hugo site that uses Node-based asset pipelines (PostCSS, Babel, TailwindCSS), Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...

CVSS 8.6, AI score 5.8, EPSS 0.00274
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/05/06 12:0 a.m., 15 views

PT-2026-38298

Name of the Vulnerable Software and Affected Versions: Hugo versions prior to 0.161.0. Description: When building a site that utilizes Node-based asset pipelines such as PostCSS, Babel, or TailwindCSS, the software invokes configured Node tools without restrictions on file system access. This allows...

CVSS 8.6, AI score 5.8, EPSS 0.00274
Exploits: 0, References: 13

SUSE CVE
added 2026/04/14 11:25 p.m., 3 views

SUSE CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.3, AI score 5.7, EPSS 0.00185
Exploits: 0, References: 3

RedHat Linux
added 2026/04/13 10:39 a.m., 4 views

Moderate: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: hugo: hugo-0.160.1-2.hum1 aarch64, x86_64 hugo-0.160.1-2.hum1.src src...

CVSS 5.4, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 3

Chainguard
added 2026/04/11 2:18 a.m., 8 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: trivy, knative-net-istio-fips, kapp, datadog-agent, influxd, caddy, commercial-chainloop-backend, crossplane-provider-azure-managedidentity, prometheus-pushgateway-fips, http-echo, gatus-fips, kube-bench, custom-pod-autoscaler-fips, ingress-nginx-controller,...

CVSS 7.5, AI score 7.1, EPSS 0.00449
Exploits: 0

RedhatCVE
added 2026/04/06 6:52 p.m., 2 views

CVE-2026-35166

A flaw was found in Hugo, a static site generator. This vulnerability arises from improper escaping of links and image links within the default markdown to HTML renderer. A remote attacker could exploit this by crafting malicious markdown content, potentially leading to information disclosure or...

CVSS 5.4, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 4

NVD
added 2026/04/06 6:16 p.m., 3 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.4, EPSS 0.00185
Exploits: 0, References: 1

UbuntuCve
added 2026/04/06 6:16 p.m., 3 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.4, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 2

OSV
added 2026/04/06 6:16 p.m., 0 views

UBUNTU-CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.4, AI score 5.7, EPSS 0.00185
Exploits: 0, References: 3

AlpineLinux
added 2026/04/06 5:37 p.m., 3 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.4, AI score 5.7, EPSS 0.00185
Exploits: 0, References: 1

CVE
added 2026/04/06 5:37 p.m., 21 views

CVE-2026-35166

CVE-2026-35166 affects Hugo, a static site generator. In Hugo releases from 0.60.0 to before 0.159.2, the default Markdown-to-HTML renderer fails to properly escape certain links and image links. The issue is fixed in 0.159.2. According to the consolidated sources, the vul...

CVSS 5.4, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2026/04/06 5:37 p.m., 18 views

CVE-2026-35166 Hugo does not properly escape some Markdown links

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.3, EPSS 0.00185
Exploits: 0, References: 1

ATTACKERKB
added 2026/04/06 5:37 p.m., 2 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.3, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2026/04/06 5:37 p.m., 1 views

CVE-2026-35166 Hugo does not properly escape some Markdown links

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.3, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 1

Debian CVE
added 2026/04/06 5:37 p.m., 2 views

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

CVSS 5.4, AI score 5.3, EPSS 0.00185
Exploits: 0

CNNVD
added 2026/04/06 12:0 a.m., 6 views

Hugo cross-site scripting vulnerability

Hugo is a framework based on the Go language used for quickly generating static websites within the Gohugoio community. Versions of Hugo from 0.60.0 to 0.159.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper escaping of links and image links in the default...

CVSS 5.4, AI score 5.7, EPSS 0.00185
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-35166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo...

CVSS 5.4, AI score 5.5, EPSS 0.00185
Exploits: 0, References: 3

OSV
added 2026/04/03 11:38 p.m., 0 views

GHSA-MCV8-8M8X-48PG Hugo: Certain markdown links are not properly escaped

Impact: Links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. Patches: Patched in v0.159.2. Workarounds: Create custom render hooks for links and images in...

CVSS 5.3, AI score 5.9, EPSS 0.00185
Exploits: 0, References: 4

Github Security Blog
added 2026/04/03 11:38 p.m., 6 views

Hugo: Certain markdown links are not properly escaped

Impact: Links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. Patches: Patched in v0.159.2. Workarounds: Create custom render hooks for links and images in...

CVSS 5.4, AI score 5.9, EPSS 0.00185
Exploits: 0, References: 4, Affected Software: 1