Lucene search
K

4 matches found

NVD
NVD
added 2026/06/17 10:16 p.m.13 views

CVE-2026-54386

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS0.00239EPSS
Exploits0References4
CVE
CVE
added 2026/06/17 9:37 p.m.21 views

CVE-2026-54386

CVE-2026-54386 affects marimo prior to 0.23.9. A reflected XSS in the notebook page arises from improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string. An unauthenticated attacker can craft a link with a payload (notably starting with new ) that ...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/17 9:37 p.m.20 views

CVE-2026-54386 marimo < 0.23.9 XSS via file Query Parameter in assets.py

marimo before 0.23.9 contains a reflected cross-site scripting vulnerability in the notebook page that allows unauthenticated attackers to inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query parameter reflected into an inline JavaScript string literal...

6.1CVSS0.00239EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/26 3:21 p.m.6 views

CVE-2026-26228

VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalizatio...

4.9CVSS5.5AI score0.00275EPSS
Exploits0References4
Rows per page
Query Builder