Lucene search
+L

445 matches found

patchstack
patchstack
added 2026/05/14 8:19 p.m.12 views

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

5.4CVSS5.6AI score0.00189EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/05/14 8:19 p.m.8 views

GHSA-PR6F-5X2Q-RWFP Svelte SSR vulnerable to cross-site scripting via spread attributes

When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers...

5CVSS5.9AI score0.00189EPSS
Exploits0References5
github
github
added 2026/05/14 8:19 p.m.21 views

Svelte SSR vulnerable to cross-site scripting via spread attributes

When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers...

6.1CVSS5.9AI score0.00168EPSS
Exploits0References5Affected Software1
redhatcve
redhatcve
added 2026/05/14 7:58 p.m.8 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References1
nvd
nvd
added 2026/05/13 10:16 p.m.42 views

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS0.00203EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/13 9:23 p.m.62 views

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS0.00203EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/13 9:23 p.m.12 views

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS5.8AI score0.00203EPSS
Exploits0References2
osv
osv
added 2026/05/13 9:23 p.m.3 views

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

6.9CVSS6AI score0.00203EPSS
Exploits0References4
nvd
nvd
added 2026/05/13 4:16 p.m.89 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS0.0014EPSS
Exploits0References1
cve
cve
added 2026/05/13 3:1 p.m.46 views

CVE-2026-44458

The CVE-2026-44458 entry affects Hono prior to version 4.12.18, where the JSX renderer does not escape CSS in style object values, allowing untrusted input to inject extra CSS declarations into the rendered style attribute. Impact is confined to CSS and does not permit JavaScript execution or HTM...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/05/13 3:1 p.m.10 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
osv
osv
added 2026/05/13 3:1 p.m.3 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS6.1AI score0.00197EPSS
Exploits0References3
cvelist
cvelist
added 2026/05/13 2:57 p.m.48 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS0.0014EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/05/13 2:57 p.m.9 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.8AI score0.0014EPSS
Exploits0References1
osv
osv
added 2026/05/13 2:57 p.m.3 views

CVE-2026-44455 Hono: Unvalidated JSX Tag Names in hono/jsx May Allow HTML Injection

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.9AI score0.0014EPSS
Exploits0References3
cve
cve
added 2026/05/13 2:57 p.m.35 views

CVE-2026-44455

Summary: CVE-2026-44455 affects hono/jsx in the Hono web framework. Prior to version 4.12.16, unvalidated JSX tag names used via programmatic jsx() or createElement() during server-side rendering could be inserted into HTML output, allowing untrusted input to break element context and inject unin...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/05/13 2:57 p.m.8 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

4.7CVSS5.8AI score0.0014EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/05/12 12:22 a.m.10 views

MAL-2026-3483 Malicious code in @tanstack/solid-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8693692b7ab31b63eb7411750d5b8798beec7ab29dddc1adea60186d354f4ed8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
osv
osv
added 2026/05/11 11:43 p.m.10 views

MAL-2026-3467 Malicious code in @tanstack/react-router-ssr-query (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c8db33bfb3bf19b736238a7e0895ecfd856e38c6e86d83f6eee8df6f5c13730 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References6
vulnersosv
vulnersosv
added 2026/05/11 9:0 p.m.16 views

birdclaw (>=0.1.0 <=0.7.0), livemark (>=0.0.0-dev <=0.23.0) potentially affected by CVE-2026-45321 via @tanstack/react-router-ssr-query (>=1.166.10 <=1.166.12)

@tanstack/react-router-ssr-query NPM version =1.166.10, =0.1.0, =0.0.0-dev, =0.23.0 Source cves: CVE-2026-45321 Source advisory: SNYK:JS-TANSTACKREACTROUTERSSRQUERY-16640207...

9.6CVSS7.5AI score0.02342EPSS
Exploits3
Rows per page
Query Builder