989 matches found
AVideo has SQL Injection in category.php fixCleanTitle() via Unparameterized clean_title and id Variables
Summary The fixCleanTitle static method in objects/category.php constructs a SQL SELECT query by directly interpolating both $cleantitle and $id into the query string without using prepared statements or parameterized queries. An attacker who can trigger category creation or renaming with a craft...
Malicious code in databricks-clean-room-orchestrator (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 fbc98178bc405d7a11a93726ed2eb1919477f5fad01b06272d90615c87755663 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Invoice Ninja Denylist Bypass may Lead to Stored XSS via Invoice Line Items
Vulnerability Details Invoice line item descriptions in Invoice Ninja v5.13.0 bypass the XSS denylist filter, allowing stored XSS payloads to execute when invoices are rendered in the PDF preview or client portal. The line item description field was not passed through purify::clean before...
WWBN AVideo 跨站脚本漏洞
WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to 26.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from the cleantitle field in the CDN plugin download button component being inserted directl...
Malicious code in trex-proxy-browser-extension-sdk (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9eb36a59a719cff949c203a03a41c54b637bb1974bdea728b1bc15e837a7db45 The package trex-proxy-browser-extension-sdk was found to contain malicious code. Source: ghsa-malware...
openSUSE 16 Security Update : python-lxml_html_clean (openSUSE-SU-2026:20345-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20345-1 advisory. Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack o...
Fedora: Security Advisory (FEDORA-2026-154efc6066)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 44 : python-lxml-html-clean (2026-f46fc594f3)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f46fc594f3 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora 43 : python-lxml-html-clean (2026-fdded962b2)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdded962b2 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora 42 : python-lxml-html-clean (2026-154efc6066)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-154efc6066 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Your Data Lake Is Turning Into a Junk Drawer? Here’s How to Clean It Up
Data lakes start organized but can turn into dumping grounds. Learn the signs of data lake clutter and simple steps to clean it up without rebuilding...
MAL-2026-1326 Malicious code in clean-order (npm)
The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious code in clean-order (npm)
The package 'clean-order' is part of the PhantomRaven supply chain attack campaign Wave 3. It uses a Remote Dynamic Dependency RDD technique: the published package appears benign but includes a URL-based dependency in package.json pointing to an attacker-controlled C2 server...
Malicious Package
Overview clean-order is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package authorshi...
python311-lxml_html_clean-0.4.4-1.1 on GA media (moderate)
python311-lxmlhtmlclean-0.4.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10322-1 Rating: moderate Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues...
SUSE CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
SUSE CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
OPENSUSE-SU-2026:10322-1 python311-lxml_html_clean-0.4.4-1.1 on GA media
These are all security issues fixed in the python311-lxmlhtmlclean-0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-28350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner...
Linux Distros Unpatched Vulnerability : CVE-2026-28348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips...