Lucene search
K

639 matches found

EUVD
EUVD
added 2026/02/25 11:0 p.m.5 views

EUVD-2026-8590

Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover...

9CVSS5.2AI score0.06029EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/02/25 10:40 p.m.6 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2026/02/25 10:40 p.m.4 views

GHSA-7JP5-298Q-JG98 Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS6AI score0.00453EPSS
Exploits1References6
NVD
NVD
added 2026/02/25 10:16 p.m.4 views

CVE-2026-27616

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application...

7.3CVSS0.00453EPSS
Exploits1References3
CVE
CVE
added 2026/02/25 9:37 p.m.23 views

CVE-2026-27616

Vikunja prior to version 2.0.0 permitted uploading SVG attachments without sanitization. Uploaded SVGs rendered inline under the app’s origin, allowing embedded JavaScript to run in the context of the authenticated user, exposing the token stored in localStorage. This CVE describes a stored XSS r...

7.3CVSS5.6AI score0.00453EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/25 3:16 a.m.11 views

CVE-2026-27822

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting XSS vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an...

9CVSS0.06029EPSS
Exploits1References1
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/25 12:0 a.m.8 views

Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure

Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...

7.3CVSS5.9AI score0.00453EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.10 views

PT-2026-21848

Name of the Vulnerable Software and Affected Versions RustFS versions prior to 1.0.0-alpha.83 Description RustFS is a distributed object storage system built in Rust. A Stored Cross-Site Scripting XSS vulnerability exists in the RustFS Console, allowing an attacker to execute arbitrary JavaScript...

9CVSS6.1AI score0.06029EPSS
Exploits1References23
NVD
NVD
added 2026/02/21 12:16 a.m.4 views

CVE-2026-27189

OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below, use non-atomic and insufficiently synchronized local JSON persistence flows, potentially causing concurrent operations to lose updates or corrupt local state...

6.6CVSS0.00112EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/02/18 8:42 a.m.2 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/18 2:32 a.m.4 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS7AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.1 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:33 a.m.4 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 9:32 a.m.4 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 1:5 a.m.4 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS5.8AI score0.00624EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/02/17 12:48 a.m.3 views

nodejs: Nodejs denial of service

A stack overflow flaw has been discovered in Node.js error handling where "Maximum call stack size exceeded" errors become uncatchable when asynchooks.createHook is enabled. Instead of reaching process.on'uncaughtException', the process terminates, making the crash unrecoverable. Applications tha...

7.5CVSS7AI score0.00624EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/14 7:22 p.m.10 views

CVE-2026-25964

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References1
OSV
OSV
added 2026/02/13 6:27 p.m.7 views

CVE-2026-25964 Tandoor Recipes Affected by Authenticated Local File Disclosure (LFD) via Recipe Import leads to Arbitrary File Read

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2026/02/13 12:0 a.m.11 views

PT-2026-8022

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.5.1, a Path Traversal vulnerability in the RecipeImport workflow of Tandoor Recipes allows authenticated users with import permissions to read arbitrary files on the server. This...

4.9CVSS5.8AI score0.0042EPSS
Exploits2References4
Fedora
Fedora
added 2026/02/11 1:0 a.m.8 views

[SECURITY] Fedora 42 Update: rust-sccache-0.12.0-3.fc42

Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage...

7.5CVSS5.6AI score0.00443EPSS
Exploits1
Rows per page
Query Builder