Lucene search
K

989 matches found

Github Security Blog
Github Security Blog
added 2026/03/26 6:15 p.m.7 views

AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables

Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...

9.8CVSS6AI score0.00492EPSS
Exploits1References4Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/24 10:21 p.m.11 views

Malicious code in databricks-clean-room-orchestrator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

6AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/03/24 8:40 p.m.8 views

Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items

Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...

5.4CVSS5.9AI score0.00231EPSS
Exploits0References5Affected Software1
CNNVD
CNNVD
added 2026/03/22 12:0 a.m.10 views

WWBN AVideo 跨站脚本漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the cleantitle field in the CDN plugin download button component being inserted directl...

8.2CVSS5.6AI score0.00216EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/20 4:36 a.m.11 views

Malicious code in trex-proxy-browser-extension-sdk (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...

5.7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

openSUSE 16 Security Update : python-lxml_html_clean (openSUSE-SU-2026:20345-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20345-1 advisory. Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack o...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References6
OpenVAS
OpenVAS
added 2026/03/12 12:0 a.m.7 views

Fedora: Security Advisory (FEDORA-2026-154efc6066)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.1CVSS5.8AI score0.00254EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.4 views

Fedora 44 : python-lxml-html-clean (2026-f46fc594f3)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f46fc594f3 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.10 views

Fedora 43 : python-lxml-html-clean (2026-fdded962b2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdded962b2 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.7 views

Fedora 42 : python-lxml-html-clean (2026-154efc6066)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-154efc6066 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References3
HackRead
HackRead
added 2026/03/11 9:10 a.m.9 views

Your Data Lake Is Turning Into a Junk Drawer? Here’s How to Clean It Up

Data lakes start organized but can turn into dumping grounds. Learn the signs of data lake clutter and simple steps to clean it up without rebuilding...

5.8AI score
Exploits0
OSV
OSV
added 2026/03/11 6:19 a.m.2 views

MAL-2026-1326 Malicious code in clean-order (npm)

The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.6AI score
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/11 6:19 a.m.7 views

Malicious code in clean-order (npm)

The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...

5.5AI score
Exploits0References3
Snyk
Snyk
added 2026/03/11 6:19 a.m.2 views

Malicious Package

Overview clean-order is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...

9.8CVSS5.8AI score
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/11 12:0 a.m.5 views

python311-lxml_html_clean-0.4.4-1.1 on GA media (moderate)

python311-lxmlhtmlclean-0.4.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10322-1 Rating: moderate Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues...

6.1CVSS5.8AI score0.00254EPSS
Exploits2
SUSE CVE
SUSE CVE
added 2026/03/10 12:24 a.m.4 views

SUSE CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2026/03/10 12:24 a.m.6 views

SUSE CVE-2026-28350

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...

6.1CVSS5.7AI score0.00254EPSS
Exploits1References3
OSV
OSV
added 2026/03/10 12:0 a.m.7 views

OPENSUSE-SU-2026:10322-1 python311-lxml_html_clean-0.4.4-1.1 on GA media

These are all security issues fixed in the python311-lxmlhtmlclean-0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...

6.1CVSS5.8AI score0.00254EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28350

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner...

6.1CVSS7.2AI score0.00254EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/07 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-28348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips...

6.1CVSS5.8AI score0.00228EPSS
Exploits1References3
Rows per page
Query Builder