Lucene search
+L

3520 matches found

ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.19 views

PT-2026-56664

Name of the Vulnerable Software and Affected Versions Drupal UI Patterns SDC in Drupal UI versions 2.0.0 through 2.0.17 Description An issue exists where the module does not sufficiently sanitize markup passed to components in certain scenarios, leading to Stored Cross-site Scripting XSS...

6.1AI score0.00274EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/07/08 12:0 a.m.10 views

PT-2026-56648

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.115 Description A use after free issue in Views allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. Use after free is a memory corruption flaw that occurs when an...

9.6CVSS6AI score0.0026EPSS
Exploits0References37
attackerkb
attackerkb
added 2026/07/07 8:37 p.m.5 views

CVE-2026-55647

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS6AI score0.00269EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/07 4:59 p.m.2 views

SUSE-SU-2026:22575-1 Security update for alloy

This update for alloy fixes the following issues: Update to version 1.17.0. Security issues fixed: - CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service bsc1267185. - CVE-2026-25681: golang.org/x/net/html: parsing...

10CVSS6.8AI score0.00533EPSS
Exploits5References37
osv
osv
added 2026/07/07 4:41 p.m.8 views

GO-2026-5919 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder

Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component in github.com/coder/coder...

5.4CVSS5.9AI score0.00316EPSS
Exploits0References2
osv
osv
added 2026/07/07 2:34 p.m.4 views

PYSEC-2026-1431 Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference

RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity...

8.2CVSS5.9AI score0.00408EPSS
Exploits0References7
osv
osv
added 2026/07/06 9:12 p.m.5 views

GHSA-7QW2-F75V-62F7 Coder vulnerable to stored HTML injection via workspace agent logs in AgentLogLine component

Summary The AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded in workspace agent log lines was rendered as live markup. Server-side sanitization did not neutralize HTML metacharacters. Note:...

5.4CVSS6.1AI score0.00316EPSS
Exploits0References3
osv
osv
added 2026/07/06 8:10 p.m.2 views

OPENSUSE-SU-2026:21210-1 Security update for google-osconfig-agent

This update for google-osconfig-agent fixes the following issues - CVE-2023-45288: golang.org/x/net/http2: close connections when receiving too many headers. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251453. -...

10CVSS7AI score0.91969EPSS
Exploits3References31
ivanti
ivanti
added 2026/07/03 11:45 a.m.16 views

SAML 2.0 SP signature validation behaviour from ICS 25.1.3.0

Last Modified Date Jul 3, 2026 11:45:26 AM...

5.9AI score
Exploits0
euvd
euvd
added 2026/07/02 8:42 p.m.25 views

EUVD-2026-12688

Keycloak: Unauthorized access via improper validation of encrypted SAML assertions...

7.7CVSS5.8AI score0.00241EPSS
Exploits0References11
osv
osv
added 2026/07/02 2:13 p.m.3 views

PYSEC-2026-724 Out-of-bounds Write in OpenCV

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.1.0 corresponds with OpenCV-Python 4.1.0.25. A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. An...

8.8CVSS7.6AI score0.20947EPSS
Exploits1References9
euvd
euvd
added 2026/07/02 12:31 a.m.8 views

EUVD-2026-41192

Uninitialized Use in Dawn in Google Chrome on ChromeOS prior to 150.0.7871.46 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00215EPSS
Exploits0References3
redhat
redhat
added 2026/07/02 12:3 a.m.4 views

org.apache.logging.log4j/log4j-core: Apache Log4j Core: Invalid XML output causes denial of service in logging

A flaw was found in Apache Log4j Core. The XmlLayout component, responsible for formatting log messages into XML, does not properly remove or replace characters that are not allowed in XML 1.0. When log messages or diagnostic information contain these forbidden characters, the resulting XML outpu...

7.5CVSS5.9AI score0.0086EPSS
Exploits0References9
osv
osv
added 2026/07/01 11:16 p.m.6 views

DEBIAN-CVE-2026-14403

Use after free in V8 in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

8.8CVSS6.2AI score0.00257EPSS
Exploits0References1
osv
osv
added 2026/07/01 11:16 p.m.4 views

UBUNTU-CVE-2026-14389

Integer overflow in Skia in Google Chrome prior to 150.0.7871.46 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

8.3CVSS5.9AI score0.00242EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/01 10:22 p.m.32 views

CVE-2026-14425

Use after free in ANGLE in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

0.00218EPSS
Exploits0References2
euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40825

Inappropriate implementation in WebAppInstalls in Google Chrome on Windows prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00163EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40824

Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00187EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40794

Use after free in Scheduling in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Low...

6.2AI score0.0028EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40756

Integer overflow in WebNN in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

5.9AI score0.00229EPSS
Exploits0References3
Rows per page
Query Builder