Lucene search
K

5 matches found

NVD
NVD
added 2026/05/14 7:16 p.m.13 views

CVE-2026-45375

SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, SiYuan's Bazaar community marketplace renders the name and version fields of a package's plugin.json and the equivalent theme.json / template.json / widget.json / icon.json into the Settings → Marketplace UI without HT...

9CVSS0.00361EPSS
Exploits0References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.7 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00265EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/09 12:0 a.m.5 views

PT-2026-24170

Name of the Vulnerable Software and Affected Versions FileBrowser versions prior to 1.3.1-beta FileBrowser versions prior to 1.2.2-stable Description FileBrowser is a free, self-hosted, web-based file manager. A stored cross-site scripting XSS issue exists due to the use of text/template instead ...

9.9CVSS6AI score0.22162EPSS
Exploits68References141
Vulnrichment
Vulnrichment
added 2026/02/20 9:27 p.m.2 views

CVE-2026-27120 Leaf-kit html escaping does not work on characters that are part of extended grapheme cluster

Leafkit is a templating language with Swift-inspired syntax. Prior to 1.4.1, htmlEscaped in leaf-kit will only escape html special characters if the extended grapheme clusters match, which allows bypassing escaping by using an extended grapheme cluster containing both the special html character a...

6.1CVSS5.5AI score0.0023EPSS
Exploits1References2
Snyk
Snyk
added 2018/07/02 12:29 p.m.3 views

Cross-site Scripting (XSS)

Overview xapian-core is a provides Xapian libraries and Ruby bindings. Affected versions of this package are vulnerable to Cross-site Scripting XSS. A cross-site scripting vulnerability in queryparser/termgeneratorinternal.cc in Xapian xapian-core before 1.4.6 exists due to incomplete HTML escapi...

6.1CVSS5.4AI score0.01452EPSS
Exploits0References2
Rows per page
Query Builder