233 matches found
UBUNTU-CVE-2026-57438
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the text/html content processing. An attacker can inject and execute arbitrary scripts in the context of the rendered page by supplying malicious HTML content files from untrusted sources. This is only...
CVE-2026-4895
The GreenShift - Animation and Page Builder Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 12.8.9 This is due to insufficient input sanitization and output escaping in the gspbgreenShiftblockscriptassets function. The function uses...
CVE-2026-1285 Potential denial-of-service vulnerability in django.utils.text.Truncator HTML methods
An issue was discovered in 6.0 before 6.0.2, 5.2 before 5.2.11, and 4.2 before 4.2.28. django.utils.text.Truncator.chars and Truncator.words methods with html=True and the truncatecharshtml and truncatewordshtml template filters allow a remote attacker to cause a potential denial-of-service via...
PT-2026-6035
Name of the Vulnerable Software and Affected Versions Django versions 6.0 through 6.0.1 Django versions 5.2 through 5.2.10 Django versions 4.2 through 4.2.27 Django versions 5.0.x and earlier Django versions 4.1.x and earlier Django versions 3.2.x and earlier Description The...
EUVD-2003-0598
Malware in sbrugna...
EUVD-2021-2126
Malware in sbrugna...
EUVD-2005-2543
Malware in sbrugna...
EUVD-2021-2315
Malware in sbrugna...
EUVD-2024-37174
Malicious code in bioql PyPI...
EUVD-2023-2267
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-41165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source WYSIWYG HTML editor. In affected version a vulnerability has been discovered in the core HTML processing module and may affect all...
PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-918: Server-Side Request Forgery SSRF CVSS vector v.3.1: 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS vector v.4.0: 8.7 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N Description: SSRF occurs when a processed HTML document is read and...
CVE-2025-54370 PhpSpreadsheet vulnerable to SSRF when reading and displaying a processed HTML document in the browser
PhpOffice/PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and 5.0.0, SSRF can occur when a processed HTML document is read and displayed in the browser. The vulnerability lies in the setPath method of the...
PhpSpreadsheet 代码问题漏洞
PhpSpreadsheet is an open source PHP library from PHPOffice for reading and writing spreadsheet files. A code issue vulnerability exists in PhpSpreadsheet versions 1.30.0, 2.1.12, 2.4.0, 3.10.0, and prior to 5.0.0, which stems from a server-side request forgery during HTML document processing...
ROS-20250822-03
SafeHtml validator vulnerability in Hibernate Validator library is related to failure to take measures to protect web page structure when processing HTML content. web page structure when processing HTML content. Exploitation of the vulnerability could allow an attacker acting remotely to conduct...
webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution
A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system...
webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced
A vulnerability was found in WebKitGTK. The flaw exists due to a logic issue when processing HTML content in WebKit. This flaw allows a remote attacker to create a specially crafted web page, trick the victim into visiting it, and prevent the Content Security Policy from being enforced, allowing...
webkitgtk: maliciously crafted web content may lead to arbitrary code execution due to use after free
A use-after-free vulnerability was found in WebKitGTK. The vulnerability occurs when processing HTML content in WebKit. This flaw allows a remote attacker to trick the victim into opening a specially crafted web page, triggering a use-after-free error and leading to the execution of arbitrary cod...
The vulnerability of the platform for monitoring, managing, and improving LLM applications lies in the insufficient protection of the website structure, allowing attackers to perform cross-site scripting attacks.
The vulnerability of the platform for monitoring, managing, and improving LLM applications is related to insufficient protection of the web page structure when processing the dangerouslySetInnerHTML attribute. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...