Lucene search
K

130 matches found

Vulnrichment
Vulnrichment
added 2026/03/24 6:26 p.m.6 views

CVE-2026-23919 Insufficient isolation of JavaScript (Duktape) execution context on Zabbix Server

For performance reasons Zabbix Server/Proxy reuses JavaScript Duktape contexts used in script items, JavaScript reprocessing, Webhooks. This can lead to confidentiality loss where a regular non-super Zabbix administrator leaks data for hosts they do not have access to. A fix has been released tha...

7.1CVSS5.7AI score0.00154EPSS
Exploits0References1
NVD
NVD
added 2026/03/24 4:16 p.m.4 views

CVE-2026-33334

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

9.6CVSS0.00385EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/24 3:2 p.m.2 views

CVE-2026-33334

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/24 3:2 p.m.21 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/24 3:2 p.m.3 views

EUVD-2026-14907

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/24 3:2 p.m.3 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References2
CVE
CVE
added 2026/03/24 3:2 p.m.22 views

CVE-2026-33334

Summary (CVE-2026-33334): Vikunja Desktop Electron wrapper prior to 2.2.0 enables nodeIntegration in the renderer without contextIsolation or sandbox, turning any web frontend XSS into full remote code execution on the victim’s machine. Affected range: Vikunja 0.21.0 through 2.1.x (up to

9.6CVSS6.4AI score0.00385EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/24 3:2 p.m.7 views

CVE-2026-33334 Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.7 views

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja from 0.21.0 to 2.2.0 contained security vulnerabilities. These vulnerabilities stemmed from the Vikunja Desktop Electron wrapper allowing nodeIntegration during the rendering process without enabling...

9.6CVSS6.2AI score0.00385EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.8 views

PT-2026-27442

Vikunja is an open-source self-hosted task management platform. Starting in version 0.21.0 and prior to version 2.2.0, the Vikunja Desktop Electron wrapper enables nodeIntegration in the renderer process without contextIsolation or sandbox. This means any cross-site scripting XSS vulnerability in...

6.5CVSS6.4AI score0.00385EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/20 8:34 p.m.2 views

Race Condition

Overview org.webjars.npm:effect is a node package that allows you to add effects on images. Affected versions of this package are vulnerable to Race Condition in the MixedScheduler class, where the AsyncLocalStorage context is not properly isolated between concurrent fiber executions. An attacker...

9.1CVSS5.8AI score0.0027EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 8:11 a.m.3 views

CVE-2026-33066 SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

5.3CVSS6.5AI score0.00584EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/03/05 7:30 p.m.6 views

CVE-2026-20062

A vulnerability in the CLI of Cisco Secure Firewall Adaptive Security Appliance ASA Software in multiple context mode could allow an authenticated, local attacker with administrative privileges in one context to copy files to or from another context, including configuration files. This...

7.2CVSS6AI score0.0012EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/02/23 12:0 a.m.146 views

📄 Termius 9.9.0 Remote Code Execution

This Metasploit module demonstrates a remote code execution vulnerability in the Termius Electron application caused by an exposed symbol in the global JavaScript Symbol Registry. By accessing a shared Symbol.for key that unintentionally references preloaded Node.js modules, attacker-controlled...

6.8AI score
Exploits0
NVD
NVD
added 2026/01/27 3:15 p.m.12 views

CVE-2026-1470

n8n contains a critical Remote Code Execution RCE vulnerability in its workflow Expression evaluation system. Expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An...

9.9CVSS0.18071EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2026/01/26 12:0 a.m.8 views

PT-2026-4918

n8n and Affected Versions n8n affected versions not specified Description n8n is affected by a critical Remote Code Execution RCE issue within its workflow Expression evaluation system. An authenticated attacker can leverage this to execute arbitrary code with the privileges of the n8n process...

9.9CVSS9.5AI score0.18071EPSS
Exploits2References41
Packet Storm News
Packet Storm News
added 2025/11/25 12:0 a.m.4 views

A Single-Root, Multi-Curve, Context-Isolated, PQC-Pluggable Cryptographic Identity Primitive with Stateless Secret Rotation

Cryptographic identity anchors modern decentralized systems, yet current standards like BIP-39 and BIP-32 are structurally insufficient for the demands of multi-curve, multi-domain, and post-quantum PQC environments. These legacy schemes rely on a monolithic identity root with no inherent context...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/10/14 6:57 p.m.4 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

8.3CVSS6.7AI score0.00613EPSS
Exploits0References5
NVD
NVD
added 2025/10/10 8:15 p.m.50 views

CVE-2025-61927

Happy DOM is a JavaScript implementation of a web browser without its graphical user interface. Happy DOM v19 and lower contains a security vulnerability that puts the owner system at the risk of RCE Remote Code Execution attacks. A Node.js VM Context is not an isolated environment, and if the us...

7.2CVSS0.00613EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0565

Malware in sbrugna...

9CVSS9AI score0.00367EPSS
Exploits0References4
Rows per page
Query Builder