Lucene search
K

9809 matches found

Cvelist
Cvelist
added 2026/06/17 7:59 p.m.16 views

CVE-2026-48822 Shaarli has Stored Cross-Site Scripting (XSS) via Markdown Reference Links

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside a Markdown link. The...

5.8CVSS0.0012EPSS
Exploits0References2
CVE
CVE
added 2026/06/17 7:59 p.m.14 views

CVE-2026-48822

Shaarli (versions ≤ 0.16.1) contains a stored XSS in the Bookmark Description field when a malicious javascript: URI is injected via Markdown reference links. The root cause is in BookmarkMarkdownFormatter.php: filterProtocols uses a regex that catches inline links but does not inspect Markdown r...

5.8CVSS5.4AI score0.0012EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 1:21 p.m.9 views

CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00193EPSS
Exploits0References5
NVD
NVD
added 2026/06/17 1:20 p.m.7 views

CVE-2026-2604

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...

5.6CVSS0.00189EPSS
Exploits0References5
Veracode
Veracode
added 2026/06/17 9:30 a.m.9 views

Open Redirect

Spring Authorization Server is vulnerable to Open Redirect. The vulnerability is due to insufficient validation of the requesturi parameter at the authorization endpoint, where a malicious authorization request can include an invalid requesturi and an attacker-controlled redirecturi, resulting in...

6.1CVSS5.4AI score0.00172EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50535

Name of the Vulnerable Software and Affected Versions Shaarli versions prior to 0.16.2 Description A stored Cross-Site Scripting XSS issue exists in the Markdown-to-HTML conversion process used in the Bookmark Description field. An authenticated user can inject a malicious javascript: URI inside ...

5.8CVSS5.3AI score0.0012EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/16 9:35 p.m.18 views

CVE-2026-2604 Evolution-data-server: evolution data server: arbitrary file deletion via inconsistent uri handling

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...

5.6CVSS0.00189EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/16 10:55 a.m.7 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs (CVE-2026-6322, CVE-2026-45740 & CVE-2026-6321)

Summary IBM App Connect Enterprise runtime and IBM App Connect Enterprise Discovery Connectors are vulnerable to multiple vulnerabilities due to Node.js modules fast-uri and protobufjs. Vulnerability Details CVEID:CVE-2026-6322 DESCRIPTION: fast-uri normalize decoded percent-encoded authority...

7.5CVSS5.3AI score0.00521EPSS
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.9 views

RHEL 10 : gnutls (RHSA-2026:26409)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26409 advisory. The gnutls packages provide the GNU Transport Layer Security GnuTLS library, which implements cryptographic algorithms and protocols such ...

9.8CVSS6AI score0.01335EPSS
Exploits2References28
EUVD
EUVD
added 2026/06/15 9:30 p.m.7 views

EUVD-2026-36762

Datadog, Inc Vector v0.54.0 was discovered to contain a SQL injection vulnerability in the seturiquery parameter in the KeyPartitioner::partition function. This vulnerability allows attackers to access sensitive database information via crafted SQL statements...

5.6AI score0.00321EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 7:28 p.m.10 views

PyJWKClient: missing scheme allowlist enables CVE-2024-21643-class SSRF + token forgery via file://, ftp://, data: schemes

!NOTE The library does not directly return non-HTTPS URI contents to the attacker; the chained "plant a JWKS to forge tokens" scenario described in the original report requires additional application-layer flaws attacker write access to a filesystem path, untrusted jku derivation that this fix do...

8.8CVSS5.6AI score0.02214EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49302

Name of the Vulnerable Software and Affected Versions Vector versions prior to 0.55.0 Description The ClickHouse sink contains a SQL/identifier injection flaw. The software escaped the table identifier but interpolated the database value raw into the INSERT statement, allowing a crafted database...

9.8CVSS5.4AI score0.00321EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 10:9 p.m.6 views

Cross-site Scripting (XSS)

Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Cross-site Scripting XSS incomplete validation of URI schemes in attributes su...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 8:50 p.m.33 views

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS0.00136EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:50 p.m.22 views

CVE-2026-53606

A CVE-2026-53606 entry concerns ApostropheCMS (Node.js) and its dependency sanitize-html. The issue arises in sanitize-html versions prior to 2.17.5, where allowedSchemesAppliedToAttributes (default: ['href','src','cite']) do not cover all URI-bearing attributes (e.g., action, formaction, data, p...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:50 p.m.7 views

CVE-2026-53606 sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes

ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes default: 'href', 'src', 'cite' to gate the naughtyHref function that blocks...

5.4CVSS5.3AI score0.00136EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 3:7 p.m.52 views

GHSA-CQ87-8R7H-962V SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator

Programs using swift-nio is vulnerable to HTTP request smuggling and HTTP response splitting attacks, caused by insufficient validation of outbound HTTP/1.1 request and response start line components. This vulnerability affects all swift-nio versions from 2.0.0 to 2.99.0. It is fixed in 2.100.0 a...

8.9CVSS5.7AI score0.00044EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 3:2 p.m.20 views

CVE-2026-50090

Technical details about CVE-2026-50090 are not publicly available in the provided documents. Monitor for updates from official advisories to learn affected components, impact, and fixes.

9.3CVSS5.3AI score0.00253EPSS
Exploits0References2
OSV
OSV
added 2026/06/12 12:26 p.m.7 views

OESA-2026-2666 libsoup3 security update

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP Simple Object Access Protocol implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. Security Fixes: A flaw was found in libsoup. The SoupWebsocketConnection may accep...

8.2CVSS6.9AI score0.00764EPSS
Exploits2References8
OSV
OSV
added 2026/06/12 12:25 p.m.9 views

OESA-2026-2633 evolution-data-server security update

The evolution-data-server package provides a personal information management application that provides integrated mail, calendaring and address book functionality. The evolution-data-server package provides a single database for common, desktop-wide information, such as a user's address book or...

5.6CVSS5.5AI score0.00189EPSS
Exploits0References2
Rows per page
Query Builder