CVE-2026-52846
Caddy is an extensible server platform that uses TLS by default. Prior to 2.11.4, Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous...
CVE-2026-52846
Summary: CVE-2026-52846 affects Caddy's stripHTML template function, which cannot reliably strip certain malformed HTML (e.g., <img src=x onerror=alert()>). This can bypass tag-stripping and may enable client-side XSS when untrusted strings are rendered as HTML. The issue originates in func...
Caddy: stripHTML template function bypass
Summary Caddy’s stripHTML template function cannot reliably remove all HTML tags from input strings. Certain malformed HTML, such as img src=x onerror=alert, can bypass the tag-stripping logic, potentially leaving dangerous content in the output if it is later rendered as HTML. This may allow...
lldpd buffer error vulnerability
LLDPD is a daemon capable of receiving and sending LLDP frames. Versions of LLDPD prior to 1.0.22 contained a buffer error vulnerability. This vulnerability stemmed from an error in the memmove byte count calculation by the lldpddecode function when stripping the 802.1Q VLAN tag, which could lead...
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
GHSA-Q4W9-X3RV-4C8J Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
EUVD-2007-1448
Malware in sbrugna...
USN-7136-2 python-django vulnerability
USN-7136-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Djan...
The vulnerability in the fgetss() function of PHP, the open-source general-purpose scripting language, is an out-of-bounds memory read. It allows attackers to gain access to confidential data and to trigger a denial of service.
The vulnerability in the fgetss function of PHP, the open-source general-purpose scripting language, is a data-reading error in its tag-stripping logic. Exploiting it can allow an attacker to gain access to confidential data and cause service failures...
Horde IMP Webmail Client XSS all versions
Hello All, PRELUDE What is HORDE? http://www.horde.org/about/ The Mission The Horde Project is about creating high quality Open Source applications, based on PHP and the Horde Framework. The guiding principles of the Horde Project are to create solid standards-based applications using intelligent...