Lucene search
K

8 matches found

NVD
NVD
added 2026/06/24 9:16 p.m.8 views

CVE-2026-47733

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS0.00118EPSS
Exploits0References1
CVE
CVE
added 2026/06/24 8:51 p.m.9 views

CVE-2026-47733

Rocket.Chat CVE-2026-47733 affects the ImageElement in packages/gazzodown prior to 8.5.0, where user-controlled src values are inserted into and without protocol sanitization. An authenticated user can post markdown images with a javascript: URL that, on older browsers, could execute arbitrary ...

4.4CVSS6.1AI score0.00118EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/24 8:51 p.m.19 views

CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS0.00118EPSS
Exploits0References1
OSV
OSV
added 2026/06/24 8:51 p.m.2 views

CVE-2026-47733 Rocket.Chat: Missing URL protocol sanitization in ImageElement allows javascript: URLs in markdown images

Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses...

4.4CVSS6.2AI score0.00118EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52097

Name of the Vulnerable Software and Affected Versions Rocket.Chat versions prior to 8.5.0 Description The ImageElement component in packages/gazzodown renders user-controlled src values directly into and attributes without protocol sanitization. While the LinkSpan component utilizes sanitizeUrl t...

4.4CVSS6AI score0.00118EPSS
Exploits0References4
Snyk
Snyk
added 2025/03/20 10:47 a.m.3 views

Relative Path Traversal

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Relative Path Traversal in the...

7.7CVSS6.9AI score0.02484EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2024/05/23 7:36 a.m.5 views

kernel: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

In the Linux kernel, the following vulnerability has been resolved: netfilter: nftct: sanitize layer 3 and 4 protocol number in custom expectations The Linux kernel CVE team has assigned CVE-2024-26673 to this issue. Upstream advisory:...

7.1CVSS6.2AI score0.00237EPSS
Exploits0References5
OSV
OSV
added 2019/10/02 7:15 p.m.16 views

CVE-2019-12736

JetBrains Ktor framework before 1.2.0-rc does not sanitize the username provided by the user for the LDAP protocol, leading to command injection...

9.8CVSS7.3AI score
Exploits0References1
Rows per page
Query Builder