Lucene search
K

122 matches found

CVE
CVE
added 5 days ago6 views

CVE-2026-59802

PasswordPusher before 2.8.1 is vulnerable to Redirect-Based XSS due to insufficient validation in the valid_url function, allowing data:text/html URIs in URL push payloads that can execute JavaScript in victims’ browsers when clicked within the trusted domain. Affected versions: before 2.8.1. Roo...

8.2CVSS6.2AI score0.00192EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56539

Name of the Vulnerable Software and Affected Versions PasswordPusher versions prior to 2.8.1 Description Insufficient validation in the valid url function allows the application to accept data URI schemes in URL push payloads. This enables attackers to create malicious pushes containing...

8.2CVSS6.1AI score0.00192EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/25 5:36 p.m.7 views

keycloak: Keycloak: Cross-site scripting (XSS) via case-insensitive URI validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References4
NVD
NVD
added 2026/06/25 5:17 p.m.9 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS0.00419EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/25 4:16 p.m.8 views

CVE-2026-9086 Keycloak: keycloak: cross-site scripting (xss) via case-insensitive uri validation bypass

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/25 4:16 p.m.5 views

EUVD-2026-39473

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 4:16 p.m.6 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References7
CVE
CVE
added 2026/06/25 4:16 p.m.32 views

CVE-2026-9086

Keycloak contains a cross-site scripting vulnerability (CVE-2026-9086) where an attacker with manage-client or client-registration access can bypass URI validation by registering a malicious redirect URI using a case-insensitive javascript: or data: scheme. This allows arbitrary code execution in...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References7Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 4:1 p.m.11 views

CVE-2026-9086

A flaw was found in Keycloak. A remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, could bypass client Uniform Resource Identifier URI validation. This is achieved by registering a malicious client with a...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52506

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description An issue exists where a remote attacker with administrative privileges, specifically those with manage-client permission or access to client registration endpoints, can bypass client Uniform...

7.3CVSS6.5AI score0.00419EPSS
Exploits0References8
CVE
CVE
added 2026/06/24 8:26 p.m.17 views

CVE-2026-52816

Gogs exposes an unauthenticated REST endpoint POST /-/api/sanitize_ipynb that uses bluemonday.UGCPolicy with AllowURLSchemes("data"), allowing all data: URIs (including data:text/html). This enables a registered user to craft payloads that survive sanitization and execute XSS when rendered in oth...

6.4CVSS6AI score0.00677EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 1:44 p.m.30 views

CVE-2026-53722

CVE-2026-53722 affects Nuxt.js prior to versions 3.21.7 and 4.4.7, where did not validate URL schemes bound to its to or href before rendering. Attacker-controlled input (query parameters, CMS fields, or user URLs) can be reflected into the href attribute, enabling reflected DOM-based XSS via ja...

5.4CVSS4.8AI score0.00198EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 1:44 p.m.9 views

CVE-2026-53722 Nuxt: Reflected XSS in `<NuxtLink>` via unsanitised `javascript:` or `data:` URL

Nuxt is an open-source web development framework for Vue.js. Prior to versions 3.21.7 and 4.4.7, did not validate the URL scheme of values bound to its to or href props before rendering them into the href attribute of the underlying element. When an application binds attacker-controlled input a...

5.1CVSS4.8AI score0.00198EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/03 9:15 p.m.12 views

External Control of File Name or Path

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to External Control of File Name or Path in backend/htmlbackend.py‎, which ...

7.1CVSS5.5AI score0.00217EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/05/30 1:59 a.m.16 views

SUSE CVE-2026-48522

PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen which uses Python stdlib's default OpenerDirector registering HTTPHandler, HTTPSHandler, FTPHandler, FileHandler, and DataHandler. There is currently no...

4.8CVSS6AI score0.00181EPSS
Exploits1References9
CVE
CVE
added 2026/05/28 3:0 p.m.90 views

CVE-2026-48522

PyJWKClient in PyJWT prior to 2.13.0 passes its uri argument directly to urllib.request.urlopen(), allowing attacker-controlled jku URLs to trigger SSRF and related token-forgery scenarios via file://, ftp://, or data: schemes. Affected component: PyJWKClient (Python). Root cause: lack of a schem...

4.2CVSS6AI score0.00181EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.17 views

PT-2026-44394

Name of the Vulnerable Software and Affected Versions PyJWT versions prior to 2.13.0 Description PyJWKClient passes the uri argument directly to urllib.request.urlopen, which utilizes the default OpenerDirector of the Python standard library. This allows the registration of HTTPHandler,...

9.8CVSS5.4AI score0.00181EPSS
Exploits1References236
Github Security Blog
Github Security Blog
added 2026/05/14 8:15 p.m.10 views

Open WebUI has Stored Cross-Site Scripting In Profile Picture

Summary The profileimageurl field on the user profile update form accepted arbitrary data: URI values without MIME-type validation. Two distinct attack paths were independently demonstrated by separate reporters: 1. data:text/html;base64,... in a new browser tab raresvis, 2025-04-17 — when a vict...

5.4CVSS6AI score0.00199EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.21 views

PT-2026-41162

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.8.0 Description The profile image url field on the user profile update form accepts arbitrary data: URI values without MIME-type validation, leading to Cross-Site Scripting XSS. This occurs because the applicatio...

5.4CVSS6AI score0.00199EPSS
Exploits0References6
OSV
OSV
added 2026/04/22 5:42 p.m.7 views

GHSA-6457-MXPQ-4FQQ i18nextify has DOM XSS via javascript:/data: URL schemes in translated href/src attributes

Summary Versions of i18nextify prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in src/localize.js replaceInside handler around line 122 only guards against a duplicated http:// origin prefix ...

4.7CVSS5.9AI score0.00144EPSS
Exploits0References4
Rows per page
Query Builder