Lucene search
+L

4141 matches found

nvd
nvd
added 4 days ago8 views

CVE-2026-15505

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...

5.1CVSS0.00195EPSS
Exploits0References4
cve
cve
added 4 days ago14 views

CVE-2026-15505

The CVE concerns vnotex vnote (up to version 3.20.1) where the YAML Frontmatter component exposes cross-site scripting via the file /src/data/extra/web/js/markdownit.js. The issue arises from manipulation of the argument p_metaData in the YAML Frontmatter code, which can potentially be exploited ...

5.1CVSS4.7AI score0.00195EPSS
Exploits0References4
euvd
euvd
added 4 days ago8 views

EUVD-2026-43246

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...

5.1CVSS4.6AI score0.00195EPSS
Exploits0References4
cvelist
cvelist
added 4 days ago33 views

CVE-2026-15505 vnotex vnote YAML Frontmatter markdownit.js cross site scripting

A weakness has been identified in vnotex vnote up to 3.20.1. Impacted is an unknown function of the file /src/data/extra/web/js/markdownit.js of the component YAML Frontmatter. This manipulation of the argument pmetaData causes cross site scripting. The attack may be initiated remotely. The vendo...

5.1CVSS0.00195EPSS
Exploits0References4
redhat
redhat
added 4 days ago4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
redhat
redhat
added 5 days ago4 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
redhat
redhat
added 5 days ago4 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.2AI score0.00259EPSS
Exploits1References5
redhat
redhat
added 5 days ago3 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6AI score0.0037EPSS
Exploits1References9
nvd
nvd
added 6 days ago7 views

CVE-2026-44795

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
osv
osv
added 6 days ago3 views

CVE-2026-55175 Spinnaker: Improper yaml processing on kustomize bake operations

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References13
cve
cve
added 6 days ago15 views

CVE-2026-55175

Spinnaker CVE-2026-55175 affects Rosco/Kustomize bake operations where unsafe YAML tag processing in rosco manifests can lead to remote code execution on rosco pods. Affected versions are prior to 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 across release lines; fixes are available in 2026.1.1, 20...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
cvelist
cvelist
added 6 days ago33 views

CVE-2026-55175 Spinnaker: Improper yaml processing on kustomize bake operations

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS0.00615EPSS
Exploits0References11
euvd
euvd
added 6 days ago5 views

EUVD-2026-43087

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to versions 2026.1.1, 2026.0.3, 2025.4.4, and 2025.3.4 on their respective release lines, Kustomize bake operations allow unsafe YAML tag processing in rosco manifests. This can lead to remote code execution on rosco pod...

7.5CVSS6.5AI score0.00615EPSS
Exploits0References11
cvelist
cvelist
added 6 days ago33 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS0.01001EPSS
Exploits0References4
cve
cve
added 6 days ago23 views

CVE-2026-44795

CVE-2026-44795 affects Spinnaker (Cloud deployments/baking paths) where unsafe YAML processing bypasses safe deserialization via a non-safe constructor, enabling arbitrary Java class loading and remote code execution. Affected versions precede fixed releases and include 2026.1.0, 2026.0.3, 2025.4...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References4
osv
osv
added 6 days ago3 views

CVE-2026-44795 Spinnaker: Non-safe yaml deserialization allowing RCE when using specific types

Spinnaker is an open source, multi-cloud continuous delivery platform. Prior to 2026.1.0, 2026.0.3, 2025.4.4, and 2025.3.3, unsafe YAML processing bypasses safe deserialization when using CloudFormation deployments or CloudFoundry baking. The use of a non-safe constructor allows arbitrary loading...

8.8CVSS6.3AI score0.01001EPSS
Exploits0References6
cvelist
cvelist
added 6 days ago29 views

CVE-2026-58493 grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Connection String Construction

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS0.00288EPSS
Exploits0References3
osv
osv
added 6 days ago3 views

CVE-2026-58493 grav-plugin-database: DSN Parameter Injection via Unsanitized Configuration Values in Connection String Construction

grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, Database::call builds PDO DSN strings by directly concatenating user-configurable YAML values from fields such as host, dbname, charset, server, database, directory, and filename without sanitization or validation, allowing...

5.1CVSS6.1AI score0.00288EPSS
Exploits0References5
redhat
redhat
added 6 days ago6 views

js-yaml: js-yaml: Denial of Service via crafted YAML merge keys

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker can exploit this vulnerability by providing a specially crafted YAML document that repeatedly uses the same alias in a merge sequence. This can lead to algorithmic CPU exhaustion, causing the Node.js worker or eve...

5.3CVSS6.6AI score0.00259EPSS
Exploits1References5
redhat
redhat
added 6 days ago6 views

js-yaml: js-yaml: Denial of Service via crafted YAML documents

A flaw was found in js-yaml, a JavaScript YAML parser and dumper. A remote attacker could exploit this vulnerability by providing a specially crafted YAML document containing a chain of mappings with merge keys. This could cause the parser to consume excessive CPU resources, leading to a Denial o...

7.5CVSS6.9AI score0.0037EPSS
Exploits1References9
Rows per page
Query Builder