6 matches found
CVE-2026-52807
Gogs is an open source self-hosted Git service. Prior to 0.14.3, in newform.tmpl, milestone names are rendered with Go's default auto-escaping .Name, which converts to etc. This prevents direct HTML injection. However, when the browser renders the DOM, the text content of the element contains the...
Malicious code in @sporta-technology/d11-web-components.dropdown (npm)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-3326 Malicious code in @sporta-technology/d11-web-components.dropdown (npm)
--- -= Per source details. Do not edit below this line.=-...
Data Validation Bypass
Gradio is vulnerable to a Data Validation Bypass vulnerability. The vulnerability is due to improper enforcement of input constraints due to the pre-processing step in the Dropdown component, allowing attackers to send custom requests with arbitrary values even when the allowcustomvalue parameter...
GHSA-26JH-R8G2-6FPR Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Impact What kind of vulnerability is it? Who is impacted? This vulnerability is a data validation issue in the Gradio Dropdown component's pre-processing step. Even if the allowcustomvalue parameter is set to False, attackers can bypass this restriction by sending custom requests with arbitrary...
Cross-Site Scripting
Overview Versions of ids-enterprise prior to 4.18.2 are vulnerable to Cross-Site Scripting XSS. The soho-dropdown component does not properly encode its output and may allow attackers to execute arbitrary JavaScript. Recommendation Upgrade to version 4.18.2 or later References - GitHub Issue -...