Lucene search
+L

16 matches found

Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52167

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module and...

6.2AI score0.00181EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/06/01 2:12 p.m.7 views

@vitest/browser-playwright (>=5.0.0-beta.1 <=5.0.0-beta.2), @vitest/browser-preview (>=5.0.0-beta.1 <=5.0.0-beta.2) +1 more potentially affected by CVE-2026-47428 via @vitest/browser (>=5.0.0-beta.1 <=5.0.0-beta.2)

@vitest/browser NPM version =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.2 Source cves: CVE-2026-47428 Source advisory: SNYK:JS-VITESTBROWSER-17120486...

5.4AI score0.00367EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/06/01 2:12 p.m.10 views

@vitest/browser-playwright (>=5.0.0-beta.1 <=5.0.0-beta.2), @vitest/browser-preview (>=5.0.0-beta.1 <=5.0.0-beta.2) +1 more potentially affected by CVE-2026-47428 via @vitest/browser (>=5.0.0-beta.1 <=5.0.0-beta.2)

@vitest/browser NPM version =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.1, =5.0.0-beta.2 Source cves: CVE-2026-47428 Source advisory: OSV:GHSA-2H32-95RG-CPPP...

5.4AI score0.00367EPSS
Exploits0
Drupal
Drupal
added 2026/03/11 12:0 a.m.16 views

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

The module and certain submodules AI Automators, AI Translate, AI API Explorer, AI Content Suggestions provide the ability to use an LLM to generate HTML or Markdown and preview it in a browser. Under certain circumstances, rendering of this HTML can lead to exposing secret communications in the...

7.5CVSS5.8AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/29 9:24 a.m.12 views

CVE-2026-1466

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5AI score0.00566EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/28 6:33 a.m.5 views

CVE-2026-1466

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5AI score0.00566EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/28 12:0 a.m.16 views

PT-2026-5062

CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. Th… https://t.co/rSEVfvxJRR...

6.1CVSS5.1AI score0.00566EPSS
Exploits0References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-50773

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00566EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-20016

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00566EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/07/06 12:18 p.m.8 views

CVE-2025-7066

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5.7AI score0.00566EPSS
Exploits0References1
NVD
NVD
added 2025/07/04 12:15 p.m.12 views

CVE-2025-7066

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS0.0026EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/07/04 12:2 p.m.2 views

CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS5.7AI score0.0026EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/04 12:2 p.m.11 views

CVE-2025-7066 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

6.1CVSS0.0026EPSS
Exploits0References3
CVE
CVE
added 2025/07/04 12:2 p.m.23 views

CVE-2025-7066

CVE-2025-7066 details a MIME-type check bypass in Jirafeau that could allow browser previews to misuse text/html via crafted MIME types (e.g., image/png,text/html). Connected documents extend this to CVE-2026-1466, describing a bypass via invalid MIME types (image) during preview, which triggers ...

6.1CVSS5.7AI score0.0026EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:28 a.m.14 views

CVE-2024-12326

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in...

6.1CVSS5.8AI score0.00566EPSS
Exploits0References1
CVE
CVE
added 2024/12/06 8:50 p.m.84 views

CVE-2024-12326

Vulnerability summary (CVE-2026-1466 family): Jirafeau’s browser preview restriction for text types (excluding image/svg+xml) can be bypassed by sending a manipulated HTTP request with an invalid MIME type (e.g., image), allowing the preview engine to detect SVG/execute JavaScript. The root cause...

6.1CVSS6.1AI score0.00235EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder