166 matches found
GHSA-X4HG-HFWF-P9MW @asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation
Summary The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix Fixed in commit...
CVE-2026-34096
Guardian language-system fails to sanitize the name GET parameter before outputting it into an HTML input value attribute in designer.php line 57. An authenticated attacker can craft a URL containing script tags that execute in the victim's browser session...
EUVD-2026-40770
Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-21768
The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...
CVE-2026-21768
CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...
PT-2026-50924
Name of the Vulnerable Software and Affected Versions compose-rich-editor version 1.0.0-rc14 Description The compose-rich-editor library, used in HCL Verse for Android for rich text email composition, fails to properly validate HTML input. This lack of validation allows malicious content to be...
OPENSUSE-SU-2026:20827-1 Security update for python-mistune
This update for python-mistune fixes the following issues - CVE-2026-33079: ReDoS in LINKTITLERE can lead to denial of service via a crafted Markdown bsc1264347. - CVE-2026-33441: processing of malformed reference links can lead to excessive resource consumption and denial of service bsc1264752. ...
Cross-site Scripting (XSS)
Overview github.com/golang/net/html is a package that implements an HTML5-compliant tokenizer and parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the childTextNodesAreLiteral function in render.go. An attacker can cause the execution of scripts in the...
EUVD-2026-31294
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in dbloader.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the multiple POST parameters ticketshost, ticketsdb, ticketsuser, ticketspassword,...
CVE-2026-45347
CVE-2026-45347 concerns Open WebUI, a self-hosted offline AI platform. The vulnerability is a blind server-side request forgery (SSRF) via the PDF generate function, where user inputs embedded in the PDF are processed as HTML. Tests show most dangerous tags (e.g., iframe, object) are blocked, but...
PT-2026-41388
Name of the Vulnerable Software and Affected Versions NukeViet CMS versions prior to 4.5.08 Description Stored Cross-Site Scripting XSS occurs due to insufficient server-side input sanitization in the Request class. The application relies on client-side filtering to sanitize HTML tags and...
CLSA-2026-1778233301 python3.9: Fix of 7 CVEs
CVE-2025-1795: fix incorrect parsing of email addresses with special chars - CVE-2025-4516: fix use-after-free in unicode-escape decoder with non-strict error handler - CVE-2025-6069: fix quadratic complexity in HTMLParser special input - CVE-2025-8291: fix zip64 end-of-central-directory record...
CVE-2026-40593
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor UserEditor.php renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars. An administrator can save a username containing HTML attribute-breaking characte...
Linux Distros Unpatched Vulnerability : CVE-2026-20031
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the HTML Cascading Style Sheets CSS module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS conditi...
Arbitrary File Upload
Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the file upload. An administrator can execute arbitrary JavaScript in the context of the application by uploading a crafted SVG or HTML file containing malicious scripts, which are then served to users without...
Cross-site Scripting (XSS)
Overview league/commonmark is a PHP-based Markdown parser which supports the full CommonMark spec. It is based on the CommonMark JS reference implementation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the DisallowedRawHtml extension when a newline, tab, or...
CVE-2026-30841
Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $GET"token" and $GET"email" directly into HTML input value attributes using and without calling htmlspecialchars. This allows reflected XSS by breaking out of the attribute...
GHSA-5WMX-573V-2QWQ Python-Markdown has an Uncaught Exception
Python-Markdown version 3.8 contain a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Because Python-Markdown does not catch this exception, any application that processes attacker-controlled Markdown...
CVE-2026-27502
SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in log.php via the search query parameter. The application embeds the unsanitized parameter value directly into an HTML input value attribute, allowing an unauthenticated remote attacker to inject and execute...
CVE-2026-26273
Known is a social publishing platform. Prior to 1.6.3, a Critical Broken Authentication vulnerability exists in Known 1.6.2 and earlier. The application leaks the password reset token within a hidden HTML input field on the password reset page. This allows any unauthenticated attacker to retrieve...