4535 matches found
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari...
PT-2026-41888
A Stored HTML Injection vulnerability was discovered in the Credentials Manager functionality due to improper validation of an input parameter. An authenticated user with administrative privileges can define a malicious identity containing HTML tags. When a victim attempts to delete the affected...
ALSA-2026:19206 Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2025-43213 webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari...
CVE-2026-45231
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...
EUVD-2026-30792
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...
CVE-2026-45231
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...
CVE-2026-45231 DumbAssets 1.0.11 Stored Cross-Site Scripting via Asset Fields
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...
CVE-2026-45231
DumbAssets 1.0.11 is affected by a stored XSS vulnerability in asset fields (name, description, modelNumber, serialNumber, tags) that are stored without server-side sanitization and rendered via innerHTML without client-side escaping. An attacker can create or update assets through asset API endp...
CVE-2026-45231 DumbAssets 1.0.11 Stored Cross-Site Scripting via Asset Fields
DumbAssets through 1.0.11 contains a stored cross-site scripting vulnerability in asset fields including name, description, modelNumber, serialNumber, and tags that are stored without server-side sanitization and rendered using innerHTML without client-side escaping. Attackers can create or updat...
PT-2026-41718
Name of the Vulnerable Software and Affected Versions DumbAssets versions 1.0 through 1.0.11 Description A stored cross-site scripting issue exists in asset fields, specifically name, description, modelNumber, serialNumber, and tags. These fields are stored without server-side sanitization and...
Cross-site Scripting (XSS)
Overview nukeviet/nukeviet is a the first opensource CMS in Vietnam. Affected versions of this package are vulnerable to Cross-site Scripting XSS via insufficient server-side input sanitization in the Request class. An attacker can execute arbitrary scripts in the context of another user's browse...
Exploit for CVE-2026-42897
CVE-2026-42897 - Exchange Health Checker Outbound Rewrite Rule...
CVE-2026-43660
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages...
PT-2026-41178
Name of the Vulnerable Software and Affected Versions pyLoad versions prior to 0.5.0b3.dev100 Description An issue exists where the packages.js template interpolates stored link URLs into a template literal within single-quoted HTML and writes the result to the DOM using the $div.htmlhtml functio...
CVE-2026-28907
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation. Mitigation Do not process or load untrusted web content with WebKitGTK. In Red Hat Enterprise Linux 7, the following packages require WebKitGTK...
CVE-2026-44581
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...
CVE-2026-44581 Next.js: Cross-site scripting in App Router applications using CSP nonces
Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected versions, malformed nonce values derive...
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper state management...
Next.js 跨站脚本漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 13.4.0 to 15.5.16, as well as versions before 16.2.5, have a cross-site scripting vulnerability. This vulnerability arises when the App Router application relies on CSP nonce. A format- incorrect nonce value is derived...
RHEL 9 : webkit2gtk3 (RHSA-2026:16695)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:16695 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...