Lucene search
+L

50 matches found

CVE
CVE
added 11 hours ago12 views

CVE-2026-8075

CVE-2026-8075 concerns the Mattermost Desktop App. The connected details specify that versions

6.5CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added 11 hours ago13 views

CVE-2026-8075 Posting a malicious markdown image crashes the Mattermost Desktop App

Mattermost Desktop App versions =6.2 5.5.13 6.0.2.0 fail to properly null check when checking for headers in the Mattermost Desktop App which allows any user to crash another channel members Desktop App via posting a malicious link with an embedded image that misses one of those headers. Mattermo...

6.5CVSS
Exploits0References1
NVD
NVD
added 2026/07/10 5:17 p.m.5 views

CVE-2026-55890

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/07/10 4:17 p.m.20 views

CVE-2026-55890

Grav CVE-2026-55890 concerns stored CSS injection via Markdown image style parameters that reach MediaObjectTrait::style(). The incomplete patch from GHSA-r7fx-8g49-7hhr fixed attribute() (denying dangerous attribute names) but leaves the sibling style() sink unmitigated, allowing editor-supplied...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 4:17 p.m.29 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS0.00187EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/10 4:17 p.m.6 views

EUVD-2026-42946

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 4:17 p.m.3 views

CVE-2026-55890 Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style()

Grav is a file-based Web platform. Prior to 2.0.0-rc.9, Grav's incomplete fix for stored XSS through the Markdown media attribute action CVE-2026-42841 leaves the sibling MediaObjectTrait::style method reachable through the same Markdown excerpt-action pipeline, allowing an editor to save Markdow...

4.8CVSS6.1AI score0.00187EPSS
Exploits0References5
NVD
NVD
added 2026/07/08 2:17 p.m.9 views

CVE-2026-58657

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS0.00217EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 1:49 p.m.12 views

CVE-2026-58657

Grav before 2.0.0 (through 2.0.0-rc.9 and the 2.0 branch) contains a stored CSS injection in the Markdown image resize() action. In Excerpts::processMediaActions(), the resize() path writes caller-controlled values directly into the image’s styleAttributes. A low-priv content editor who can edit ...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/08 1:49 p.m.7 views

EUVD-2026-42267

Grav before 2.0.0 affected through 2.0.0-rc.9 and the 2.0 branch contains a stored CSS injection vulnerability in the Markdown image resize media action. Prior media hardening rejects direct ?style= payloads and unsafe attribute fallbacks, but the resize action in Excerpts::processMediaActions...

4.8CVSS6.1AI score0.00217EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/26 3:32 p.m.11 views

EUVD-2026-39775

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS5.8AI score0.00194EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.9 views

CVE-2026-3472

Mattermost versions 10.11.x = 10.11.18, 11.6.x = 11.6.3, 11.5.x = 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into to...

3.5CVSS0.00194EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:42 p.m.24 views

CVE-2026-3472

CVE-2026-3472 affects Mattermost where specific versions (10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x

3.5CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/06/24 8:51 p.m.10 views

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/06/18 2:49 p.m.8 views

Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr

Summary The fix for GHSA-r7fx-8g49-7hhr / CVE-2026-42841 Stored XSS via Markdown media attribute action is incomplete. The maintainer patched MediaObjectTrait::attribute to deny dangerous attribute names event handlers, style, xmlns, srcdoc, formaction but the sibling MediaObjectTrait::style meth...

6.9CVSS5.3AI score0.00397EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/06/18 2:22 p.m.23 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.4CVSS0.00272EPSS
Exploits0References1
OSV
OSV
added 2026/05/18 9:31 a.m.22 views

GHSA-XVCX-MGPC-5XH3 Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/18 9:31 a.m.13 views

Mattermost doesn't validate the X-Requested-With header on the burn-on-read reveal endpoint

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS5.8AI score0.00113EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2026/05/18 9:16 a.m.41 views

CVE-2026-6339

Mattermost versions 11.5.x = 11.5.1, 11.4.x = 11.4.3 fail to validate the X-Requested-With header on the burn-on-read reveal endpoint which allows an authenticated channel member to force the reveal of a burn-on-read message without recipient consent via a crafted Markdown image tag.. Mattermost...

4.3CVSS0.00113EPSS
Exploits0References1
CVE
CVE
added 2026/05/18 8:5 a.m.26 views

CVE-2026-6339

Mattermost contains a vulnerability (CVE-2026-6339) in versions 11.5.x <= 11.5.1 and 11.4.x

4.3CVSS5.8AI score0.00113EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder