Lucene search
K

868 matches found

Cvelist
Cvelist
added 17 hours ago8 views

CVE-2026-12273 Tutor LMS < 3.9.13 - Subscriber+ Arbitrary Auto-Approved Comment Creation

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-56081

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.29.17 Coder versions prior to 2.32.7 Coder versions prior to 2.33.8 Coder versions prior to 2.34.2 Description The AgentLogLine dashboard component uses the ansi-to-html library without the escapeXML: true setting and...

5.4CVSS6AI score0.00316EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.5 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.5AI score0.00178EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1847)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1847 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
Cvelist
Cvelist
added 2026/06/17 2:39 p.m.35 views

CVE-2026-10850 Plane 1.3.1 - Stored XSS in intake issue description_html

Plane CE 1.3.1 allows a low-privileged project member to submit arbitrary HTML/JS in the descriptionhtml field when creating an intake work item through the API v1 intake endpoint...

6.9CVSS0.00165EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-33386

QuickCMS is vulnerable to Cross-Site Scripting XSS through its insecure HTTP-based plugin‑fetching mechanism. A malicious attacker can perform a Man‑in‑the‑Middle MITM attack by impersonating the opensolution.org server and serving arbitrary HTML or JavaScript at the plugin list endpoint. When a...

2.3CVSS5.6AI score0.00185EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.21 views

SUSE CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/06/02 1:40 a.m.14 views

SUSE CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References16
OSV
OSV
added 2026/05/26 7:5 p.m.26 views

GHSA-G2G4-47GV-P72V CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Summary CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...

6.1CVSS6AI score0.00242EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 4:16 p.m.10 views

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS0.00178EPSS
Exploits0References4
NVD
NVD
added 2026/05/22 4:16 p.m.12 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS0.00188EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/22 3:1 p.m.14 views

EUVD-2026-31448

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References4
CVE
CVE
added 2026/05/22 3:1 p.m.184 views

CVE-2026-25680

CVE-2026-25680 affects the Go ecosystem’s HTML parser in golang.org/x/net/html. Description: parsing arbitrary HTML can cause excessive CPU time, potentially leading to denial of service. CVSSv3.1 base score 6.5 (Network, Low attack complexity, User interaction required, Availability impact). Con...

6.5CVSS5.9AI score0.00248EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/22 3:1 p.m.21 views

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

0.00248EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/22 3:1 p.m.11 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References5
OSV
OSV
added 2026/05/22 3:1 p.m.1 views

CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html

Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service...

6.5CVSS6AI score0.00248EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.17 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...

6.1CVSS5.9AI score0.00178EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.12 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from using Render to render arbitrary HTML. This can lead to an unexpected HTML tree, and...

6.1CVSS5.9AI score0.00188EPSS
Exploits0References5
NVD
NVD
added 2026/05/14 4:16 p.m.9 views

CVE-2026-42159

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

5.4CVSS0.00192EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.16 views

PT-2026-40948

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

5.3CVSS6AI score0.00192EPSS
Exploits1References2
Rows per page
Query Builder