Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-51785

Name of the Vulnerable Software and Affected Versions hono versions prior to 4.12.14 Description An HTML injection issue exists in the JSX server-side rendering SSR process. Attackers can inject unintended HTML by using malformed attribute names. By crafting attribute keys that include characters...

5.3CVSS5.9AI score0.00174EPSS
Exploits0References7
OSV
OSV
added 2026/04/16 1:2 a.m.4 views

GHSA-458J-XX4X-4375 hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

Summary Improper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output. When untrusted input is used as attribute keys during server-side rendering, specially crafted keys can break out of attribute or tag boundaries and inject unintended...

4.3CVSS5.7AI score0.00174EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 1:2 a.m.13 views

hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR

Summary Improper handling of JSX attribute names in hono/jsx allows malformed attribute keys to corrupt the generated HTML output. When untrusted input is used as attribute keys during server-side rendering, specially crafted keys can break out of attribute or tag boundaries and inject unintended...

5.3CVSS5.7AI score0.00174EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2025-24862

Malicious code in bioql PyPI...

6.2CVSS6.2AI score0.0021EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2025/09/02 1:34 a.m.4 views

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

6.2CVSS7.3AI score0.0021EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2025/08/25 11:24 a.m.6 views

aide: improper output neutralization enables bypassing

A flaw was found in AIDE. This flaw allows an attacker to craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and tamper with the log output. A local user may exploit this to bypass AIDE's detection of malicious files...

6.2CVSS7.3AI score0.0021EPSS
Exploits1References4
OSV
OSV
added 2025/08/14 4:15 p.m.1 views

DEBIAN-CVE-2025-54389

AIDE is an advanced intrusion detection environment. Prior to version 0.19.2, there is an improper output neutralization vulnerability in AIDE. An attacker can craft a malicious filename by including terminal escape sequences to hide the addition or removal of the file from the report and/or tamp...

5.5CVSS7.6AI score0.0021EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2024/02/29 7:47 p.m.2 views

jinja2: HTML attribute injection when passing user input as keys to xmlattr filter

A cross-site scripting XSS flaw was found in Jinja2 due to the xmlattr filter allowing keys with spaces, contrary to XML/HTML attribute standards. If an application accepts user-input keys and renders them for other users, attackers can inject additional attributes, potentially leading to XSS. Th...

6.1CVSS6.6AI score0.00892EPSS
Exploits0References6
Rows per page
Query Builder