Lucene search
K

1238 matches found

Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27516

Name of the Vulnerable Software and Affected Versions ActiveMatrix BusinessWorks and Enterprise Administrator affected versions not specified Description The software contains injection flaws stemming from inadequate validation or sanitization of user-provided input. This can lead to the disclosu...

8.7CVSS5.8AI score0.00333EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/07 7:31 p.m.5 views

CVE-2026-29082

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References1
NVD
NVD
added 2026/03/06 5:16 p.m.8 views

CVE-2026-29082

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS0.00232EPSS
Exploits1References2
OSV
OSV
added 2026/03/06 4:33 p.m.4 views

CVE-2026-29082 Kestra: Stored Cross-Site Scripting in Markdown File Preview

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.9 views

PT-2026-23727

Kestra is an event-driven orchestration platform. In versions from 1.1.10 and prior, Kestra’s execution-file preview renders user-supplied Markdown .md with markdown-it instantiated as html:true and injects the resulting HTML with Vue’s v-html without sanitisation. At time of publication, there a...

7.3CVSS5.8AI score0.00232EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/03 6:31 a.m.8 views

mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/03/03 5:17 a.m.7 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS0.00311EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/03 5:0 a.m.6 views

EUVD-2026-9279

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/03 5:0 a.m.28 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

6.1CVSS0.00311EPSS
Exploits1References4
CVE
CVE
added 2026/03/03 5:0 a.m.30 views

CVE-2026-3455

Summary: CVE-2026-3455 affects the node package mailparser up to version 3.9.3. Vulnerability: XSS via the textToHtml() function caused by improper sanitisation of URLs in email content. An attacker can execute arbitrary JavaScript in the victim’s browser by supplying a URL with an extra quote ch...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.7 views

PT-2026-22720

Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...

6.1CVSS6.1AI score0.00311EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.9 views

PT-2026-22084

Name of the Vulnerable Software and Affected Versions Drupal Tagify versions prior to 1.2.49 Description The Tagify module for Drupal does not properly sanitize user-provided input before using it in JavaScript templates within the Tagify widget. This allows for the execution of arbitrary...

5.4CVSS6.2AI score0.00136EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/02/21 4:53 p.m.154 views

regexss

regexss Overly-greedy regex r...

5.5AI score
Exploits0
Debian
Debian
added 2026/02/20 7:20 p.m.9 views

[SECURITY] [DSA 6147-1] pillow security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6147-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff February 20, 2026 https://www.debian.org/security/faq -...

8.6CVSS6.1AI score0.00367EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2026/02/06 6:34 p.m.9 views

SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.3AI score0.00216EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/06 6:34 p.m.3 views

GHSA-25FQ-6QGG-QPJ8 SCEditor has DOM XSS via emoticon URL/HTML injection

If an attacker has the ability control configuration options passed to sceditor.create, like emoticons, charset, etc. then it's possible for them to trigger an XSS attack due to lack of sanitisation of configuration options. Proof of concept: js sceditor.createtextarea, emoticons: dropdown: ':':...

5.4CVSS5.9AI score0.00216EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/02/02 11:40 a.m.5 views

kernel: io_uring: prevent opcode speculation

In the Linux kernel, the following vulnerability has been resolved: iouring: prevent opcode speculation sqe-opcode is used for different tables, make sure we santitise it against speculations...

7.8CVSS6.8AI score0.00218EPSS
Exploits0References5
Snyk
Snyk
added 2026/01/28 8:2 a.m.6 views

Cross-site Scripting (XSS)

Overview mailparser is an email parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to t...

6.1CVSS5.9AI score0.00311EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 12:34 p.m.11 views

CVE-2023-45207

An issue was discovered in Zimbra Collaboration ZCS 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. This has been mitigated by sanitising th...

6.1CVSS5.8AI score0.00474EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.6 views

CVE-2022-0814

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections...

9.8CVSS7.5AI score0.09495EPSS
Exploits2References1
Rows per page
Query Builder