28 matches found
PYSEC-2026-363 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...
GHSA-CHQ7-94J8-CJ28 Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNELUID or KERNELGID value. The feature...
PT-2026-46093
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 root. This can be bypassed. It is possible to launch kernels with a prohibited UID and/or GID by using a specially crafted KERNEL UID or KERNEL GID value. The featu...
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass
Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...
CVE-2026-41067
Summary: CVE-2026-41067 affects Astro’s SSR pipeline, where defineScriptVars sanitizes inline script values using a case-sensitive //g regex. This fails to match closing script tags when payloads use case variants (e.g., ), whitespace before > (), or self-closing forms (), allowing injected HT...
GO-2026-4669 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel
SiYuan has a SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS in github.com/siyuan-note/siyuan/kernel...
GHSA-PMC9-F5QR-2PCR SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...
SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
SVG Sanitizer Bypass via Whitespace in javascript: URI — Unauthenticated XSS Summary SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string...
CVE-2026-31809
SiYuan before v3.5.10 is vulnerable via the SVG sanitizer (SanitizeSVG) which checks href for javascript: prefixes using strings.HasPrefix(), but allows ASCII tab, newline, or carriage return characters to bypass the check. These characters are stripped by browsers per WHATWG URL rules before par...
CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...
CVE-2026-31809 SiYuan has a SVG Sanitizer Bypass via Whitespace in `javascript:` URI — Unauthenticated XSS
SiYuan is a personal knowledge management system. Prior to 3.5.10, SiYuan's SVG sanitizer SanitizeSVG checks href attributes for the javascript: prefix using strings.HasPrefix. However, inserting ASCII tab , newline , or carriage return characters inside the javascript: string bypasses this prefi...
UBUNTU-CVE-2026-30838
league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...
CVE-2026-30838
league/commonmark is a PHP Markdown parser. Prior to version 2.8.1, the DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a...
Cross-site Scripting (XSS)
league/commonmark is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper filtering of disallowed HTML tags that can be bypassed using whitespace characters, which allows an attacker to inject and execute malicious scripts...
GHSA-4V6X-C7XX-HW9F CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...
CommonMark has DisallowedRawHtml extension bypass via whitespace in HTML tag names
Impact The DisallowedRawHtml extension can be bypassed by inserting a newline, tab, or other ASCII whitespace character between a disallowed HTML tag name and the closing . For example, would pass through unfiltered and be rendered as a valid HTML tag by browsers. This is a cross-site scripting X...
CVE-2014-125128
'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href attribute in anchor tags , allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the SQLManager class, exploitable when the user defines JDBC connections as a key-value pair. An attacker can execute arbitrary code and access unauthorized system files by injecting malicious...
Linux Distros Unpatched Vulnerability : CVE-2019-15606
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons CVE-2019-15606 No...