Lucene search
K

3917 matches found

Nuclei
Nuclei
added 7 hours ago9 views

Stirling-PDF < 1.1.0 - Server-Side Request Forgery

Stirling-PDF 1.1.0 contains a server side request forgery caused by bypassing the sanitizer in the /api/v1/convert/html/pdf endpoint when processing HTML to PDF conversion, letting attackers perform SSRF, exploit requires local access. id: CVE-2025-55150 info: name: Stirling-PDF 1.1.0 - Server-Si...

9.8CVSS6.1AI score0.01701EPSS
Exploits0References2
Nuclei
Nuclei
added 7 hours ago8 views

SiYuan <= v3.5.9 - Cross Site Scripting

SiYuan v3.5.10 contains a reflected XSS caused by improper sanitization of javascript: href attributes allowing ASCII control characters to bypass prefix checks in SVG sanitizer, letting unauthenticated attackers execute JavaScript via /api/icon/getDynamicIcon. id: CVE-2026-31809 info: name: SiYu...

6.4CVSS7.1AI score0.00505EPSS
Exploits1References2
Nuclei
Nuclei
added 7 hours ago86 views

Stirling-PDF SSRF via Markdown

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...

9.8CVSS6.1AI score0.01999EPSS
Exploits1References2
CVE
CVE
added yesterday24 views

CVE-2026-48761

CVE-2026-48761 affects the Symfony HtmlSanitizer: UrlAttributeSanitizer misses URL-bearing attributes on , , , and also URLs inside content. Affects Symfony versions 6.1.0 through 6.4.41, 7.4.13, and 8.0.13. Root cause: UrlAttributeSanitizer omits certain URL attributes and multi-field URLs, en...

5.3CVSS6.1AI score0.00051EPSS
Exploits0References5
CVE
CVE
added yesterday21 views

CVE-2026-48760

Symfony HtmlSanitizer/UrlSanitizer::parse() had an underinclusive denial for BiDi formatting characters and Unicode whitespace, allowing percent-encoded BiDi marks to bypass the check. The issue affects UrlSanitizer::parse() behavior from Symfony 6.1.0 up to 6.4.41, 7.4.13, and 8.0.13, where raw ...

5.3CVSS6.1AI score0.00025EPSS
Exploits0References5
CVE
CVE
added yesterday25 views

CVE-2026-45064

Symfony’s HtmlSanitizer UrlSanitizer.parse() is vulnerable in 6.1.0-BETA1 through 6.4.40, 7.4.12, and 8.0.12, because Unicode BiDi formatting characters pass through into href/src attributes, enabling visual spoofing where the link text differs from the destination. The issue is fixed in 6.4.40, ...

2.3CVSS6.1AI score0.00069EPSS
Exploits0References5
CVE
CVE
added yesterday23 views

CVE-2026-45753

In Symfony HTML sanitizer, the UrlAttributeSanitizer ignored certain URL-valued attributes (action, formaction, poster, cite) because getSupportedAttributes() omitted them. Configurations with permissive element/attribute allowances could let javascript: URIs bypass sanitization, enabling XSS whe...

2.1CVSS6.1AI score0.00082EPSS
Exploits0References5
CVE
CVE
added yesterday14 views

CVE-2026-45066

Symfony HtmlSanitizer in versions 6.1.0-BETA1 through 6.4.40, 7.4.12, and 8.0.12 contains a bypass that can let off-allowlist URLs slip through allowLinkHosts()/allowMediaHosts() due to RFC 3986 vs WHATWG parsing differences and misclassification of . The issue is fixed in 6.4.40, 7.4.12, and 8.0...

2.3CVSS6.1AI score0.00048EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-39126

SiYuan: Stored XSS in Bazaar marketplace via package README event handlers...

7.1CVSS6.1AI score0.0018EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-59923

A flaw was found in Mistune, a Python Markdown parser. This vulnerability allows an attacker to bypass URL protections by using specially crafted Markdown links or images containing percent-encoded javascript URIs. This can lead to the execution of arbitrary scripts in the rendered HTML,...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References6
OSV
OSV
added 6 days ago2 views

CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS6.1AI score0.00388EPSS
Exploits0References5
Cvelist
Cvelist
added 6 days ago31 views

CVE-2026-59833 SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)

SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute's dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored...

8.6CVSS0.00388EPSS
Exploits0References3
Fedora
Fedora
added 6 days ago9 views

[SECURITY] Fedora 44 Update: python-nh3-0.3.6-1.fc44

Python binding to Ammonia HTML sanitizer Rust crate...

5.9AI score
Exploits0
PyPA
PyPA
added 2026/07/07 4:2 p.m.8 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/07/07 12:0 a.m.2 views

MAL-2026-7012 Malicious code in express-mongo-limit (npm)

The npm package express-mongo-limit masquerades as an Express/MongoDB payload sanitization middleware likely typosquatting express-mongo-sanitize but is a credential stealer, remote-code-execution backdoor, crypto clipboard hijacker, and screenshot spyware. It declares a postinstall: node index.j...

6.2AI score
Exploits0References8
OSV
OSV
added 2026/07/06 5:55 a.m.5 views

BIT-MASTODON-2026-50129 Mastodon: Persistent anonymous DoS via unhandled NoMethodError in MATH_TRANSFORMER

Mastodon is a free, open-source social network server based on ActivityPub. Prior to 4.5.11, 4.4.18, and 4.3.24, a DoS can be triggered by Uncaught Exception vulerability, due to missing exception handling in the math sanitizer. Malformed nodes can result in a DoS of a whole server or targeted...

7.5CVSS5.9AI score0.00263EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:31 p.m.13 views

EUVD-2026-37811

Steeltoe's env sanitizer misses connection strings — leaks embedded DB passwords...

7.5CVSS5.8AI score0.00185EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-53343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 ARM: 9430/1: entry: Do a dummy read from VMAP shadow added a dummy read from t...

6AI score0.00161EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 8:35 p.m.36 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
OSV
OSV
added 2026/07/01 8:35 p.m.5 views

CVE-2026-58263 Jodit Editor: Mutation XSS in jodit clean-html via a MathML/style rawtext carrier

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS5.9AI score0.00179EPSS
Exploits0References3
Rows per page
Query Builder