Lucene search
+L

248 matches found

nvd
nvd
added 2026/07/01 4:16 p.m.8 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

6.1CVSS0.0027EPSS
Exploits0References1
cve
cve
added 2026/07/01 2:58 p.m.16 views

CVE-2026-58030

Summary : CVE-2026-58030 is a stored XSS in Wikimedia Foundation’s SyntaxHighlight_GeSHi due to improper neutralization of input in the linelinks processing. Affected versions are before 1.46.0, 1.45.4, 1.44.6, and 1.43.9. The issue is associated with the includes/SyntaxHighlight.Php component an...

6.1CVSS5.8AI score0.0027EPSS
Exploits0References1Affected Software1
attackerkb
attackerkb
added 2026/07/01 2:58 p.m.7 views

CVE-2026-58030

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation SyntaxHighlightGeSHi. This vulnerability is associated with program files includes/SyntaxHighlight.Php. This issue affects SyntaxHighlightGeSHi: from before 1.46.0,...

5.3CVSS5.8AI score0.0027EPSS
Exploits0References2
nvd
nvd
added 2026/06/29 7:16 p.m.13 views

CVE-2026-53428

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS0.00142EPSS
Exploits0References4
nvd
nvd
added 2026/06/29 7:16 p.m.10 views

CVE-2026-53427

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
osv
osv
added 2026/06/29 6:52 p.m.4 views

EEF-CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Summary Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comrak\nif::lumis\adapter::LumisAdapter::parse\highlight\lines in native/comrak\nif/src/lumis\adapter.rs eagerly...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References5
vulnrichment
vulnrichment
added 2026/06/29 6:52 p.m.12 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
cve
cve
added 2026/06/29 6:52 p.m.17 views

CVE-2026-53428

Summary: The CVE describes an unbounded memory allocation in the mdex/native codepath when parsing a user-supplied highlight_lines range in Markdown code blocks, enabling a denial-of-service via memory exhaustion. The affected components are mdex (v0.11.0 before 0.12.3) and mdex_native (v0.1.0 be...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References4
osv
osv
added 2026/06/29 6:52 p.m.4 views

CVE-2026-53428 Unbounded memory allocation in highlight_lines range expansion in mdex

Memory Allocation with Excessive Size Value vulnerability in leandrocp mdex allows an unauthenticated attacker to cause a denial of service through unbounded memory allocation. comraknif::lumisadapter::LumisAdapter::parsehighlightlines in native/comraknif/src/lumisadapter.rs eagerly expands a...

6.9CVSS6.1AI score0.00142EPSS
Exploits0References10
osv
osv
added 2026/06/29 6:50 p.m.3 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS6AI score0.00405EPSS
Exploits0References10
cve
cve
added 2026/06/29 6:50 p.m.15 views

CVE-2026-53427

The CVE-2026-53427 issue is a cross-site scripting vulnerability in leandrocp MDEx exposed via Markdown rendering. When render: full_info_string is enabled, the Lumis adapter copies a code fence’s highlight_lines_class info-string into per-line HTML class attributes, parsing key=value pairs via s...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/06/29 6:50 p.m.10 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/29 6:50 p.m.30 views

CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: fullinfostring: true are enabled, t...

2.3CVSS0.00405EPSS
Exploits0References4
osv
osv
added 2026/06/29 6:50 p.m.5 views

EEF-CVE-2026-53427 Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute

Summary Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in leandrocp MDEx allows stored or reflected cross-site scripting via attacker-controlled Markdown. When syntax highlighting and full info-string forwarding render: \full\info\string: true\ ar...

2.3CVSS5.8AI score0.00405EPSS
Exploits0References5
euvd
euvd
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36781

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

5.7AI score0.00374EPSS
Exploits0References2
nvd
nvd
added 2026/06/15 8:16 p.m.9 views

CVE-2026-50883

An HTML injection vulnerability in the /src/highlight.rs component of matze wastebin v3.4.1 allows attackers to execute arbitrary scripts via a crafted payload...

9.6CVSS0.00374EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.17 views

PT-2026-49324

Name of the Vulnerable Software and Affected Versions matze wastebin version 3.4.1 Description An HTML injection issue in the /src/highlight.rs component allows attackers to execute arbitrary scripts using a crafted payload. HTML injection is a process where an attacker inserts malicious HTML cod...

9.6CVSS6.2AI score0.00374EPSS
Exploits0References3
cve
cve
added 2026/06/15 12:0 a.m.19 views

CVE-2026-50883

CVE-2026-50883 refers to an HTML injection in the matze wastebin project (v3.4.1) affecting the internal component /src/highlight.rs . The root cause is not explicitly detailed beyond mention of HTML injection via a crafted payload, leading to arbitrary script execution. The vulnerability is rate...

9.6CVSS5.8AI score0.00374EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/10 2:2 p.m.8 views

CVE-2026-45560 Roxy-WI: Stored XSS in log viewer (wrap_line/highlight_word produce unescaped HTML)

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, wrapline app/modules/common/common.py:181-186 and highlightword app/modules/common/common.py:188-192 build raw HTML by string concatenation with no escaping. The frontend...

6.1CVSS5.4AI score0.00149EPSS
Exploits0References1
packetstorm
packetstorm
added 2026/04/22 12:0 a.m.71 views

📄 WordPress Highlight and Share 5.2.0 Missing Authentication

WordPress Highlight and Share plugin versions 5.2.0 and below suffers from a missing authentication vulnerability. Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link:...

4.7CVSS5.8AI score0.00407EPSS
Exploits2
Rows per page
Query Builder