Lucene search
K

28 matches found

OSV
OSV
added 5 days ago4 views

PYSEC-2026-363 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...

9.8CVSS6.2AI score0.00106EPSS
Exploits0References6
OSV
OSV
added 2026/06/03 9:30 p.m.6 views

GHSA-CHQ7-94J8-CJ28 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...

9.8CVSS6.1AI score0.00106EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46093

Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...

9.8CVSS6.1AI score
Exploits0References4
Cvelist
Cvelist
added 2026/04/24 4:57 p.m.28 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS0.00189EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/24 4:57 p.m.3 views

CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1
CVE
CVE
added 2026/04/24 4:57 p.m.15 views

CVE-2026-41067

Summary: CVE-2026-41067 affects Astro’s SSR pipeline, where defineScriptVars sanitizes inline script values using a case-sensitive //g regex. This fails to match closing script tags when payloads use case variants (e.g., ), whitespace before &gt; (), or self-closing forms (), allowing injected HT...

6.1CVSS5.5AI score0.00189EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/12 8:57 p.m.9 views

GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel

SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 11:57 p.m.2 views

GHSA-PMC9-F5QR-2PCR SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2026/03/10 11:57 p.m.7 views

SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/03/10 8:58 p.m.13 views

CVE-2026-31809

SiYuan before v3.5.10 is vulnerable via the SVG sanitizer (SanitizeSVG) which checks href for javascript: prefixes using strings.HasPrefix(), but allows ASCII tab, newline, or carriage return characters to bypass the check. These characters are stripped by browsers per WHATWG URL rules before par...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 8:58 p.m.3 views

CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References1
OSV
OSV
added 2026/03/10 8:58 p.m.4 views

CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS

SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...

6.4CVSS5.8AI score0.00505EPSS
Exploits1References3
OSV
OSV
added 2026/03/07 4:15 p.m.5 views

UBUNTU-CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1CVSS5.7AI score0.00217EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/03/07 4:0 p.m.5 views

CVE-2026-30838

league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...

6.1CVSS5AI score0.00217EPSS
Exploits0
Veracode
Veracode
added 2026/03/07 5:5 a.m.7 views

Cross-site Scripting (XSS)

league/commonmark is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper filtering of disallowed HTML tags that can be bypassed using whitespace characters, which allows an attacker to inject and execute malicious scripts...

6.1CVSS5.8AI score0.00217EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/06 11:27 p.m.2 views

GHSA-4V6X-C7XX-HW9F CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names

Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...

5.1CVSS5.6AI score0.00217EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/06 11:27 p.m.10 views

CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names

Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...

6.1CVSS5.6AI score0.00217EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2025/09/08 10:9 a.m.9 views

CVE-2014-125128

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...

6.1CVSS0.00256EPSS
Exploits1References4
Snyk
Snyk
added 2025/09/01 5:41 a.m.3 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the SQLManager class, exploitable when the user defines JDBC connections as a key-value pair. An attacker can execute arbitrary code and access unauthorized system files by injecting malicious...

9.8CVSS9.6AI score0.12993EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-15606

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons CVE-2019-15606 No...

9.8CVSS7.6AI score0.20041EPSS
Exploits1References2
Rows per page
Query Builder