Lucene search
K

431 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-55437

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the AgentLogLine dashboard component instantiated ansi-to-html without escapeXML: true and inserted the result via dangerouslySetInnerHTML so HTML embedded...

5.4CVSS0.00316EPSS
Exploits0References6
Cvelist
Cvelist
added last week31 views

CVE-2026-55647 DataEase: authenticated stored XSS in the dashboard text components

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, dashboard text components render stored component content with Vue v-html without server-side HTML sanitization, allowing an authenticated user who can edit dashboard component data to inject HTML with executable...

5.1CVSS0.00269EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/02 7:38 p.m.11 views

EUVD-2026-41421

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/25 7:15 p.m.6 views

CVE-2026-44016

A flaw was found in Docling. If the HTML backend is explicitly configured for rendering, a remote attacker could exploit a vulnerability in the Playwright-based rendering feature by crafting malicious HTML documents. This could allow the attacker to execute arbitrary JavaScript or make unauthoriz...

8.2CVSS6.3AI score0.00384EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 6:17 p.m.9 views

CVE-2026-44016

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/24 5:42 p.m.4 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 5:42 p.m.30 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.5 views

PT-2026-52167

Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description Improper neutralization of input during web page generation allows Cross-Site Scripting XSS. The module and...

6.2AI score0.00161EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2026-1847)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1847 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS7AI score0.00478EPSS
Exploits0References14
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Amazon Linux 2023 : credentials-fetcher (ALAS2023-2026-1885)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1885 advisory. Parsing arbitrary HTML can consume excessive CPU time, possibly leading to denial of service. CVE-2026-25680 Parsing arbitrary HTML which is then rendered using Render can result in an...

9.6CVSS6.9AI score0.00939EPSS
Exploits0References20
Cvelist
Cvelist
added 2026/06/11 5:3 a.m.34 views

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

4.8CVSS0.00201EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 5:3 a.m.8 views

CVE-2026-40986 Spring Web Flow JS RemotingHandler renders non-HTML Response as HTML

Spring Web Flow's JavaScript RemotingHandler renders the body of an error response as HTML even when the response is not "text/html", which can result in a scripting attack in the user's browser if the error response from the server contains error details with input reflected from an attacker...

4.8CVSS5.3AI score0.00201EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:1 p.m.12 views

CVE-2026-46492

md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting XSS vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including...

7.2CVSS5.2AI score0.00213EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 6:46 p.m.16 views

EUVD-2026-33304

WWBN AVideo: Stored XSS via unescaped Gallery category description...

5.4CVSS5.8AI score0.00162EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/04 6:46 p.m.20 views

WWBN AVideo: Stored XSS via unescaped Gallery category description

Summary AVideo stores category descriptions from user input and later renders categorydescription as raw HTML in the Gallery view. A user who can create or edit categories can store JavaScript in a category description, which executes when another user views the affected Gallery/category page. Th...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References4Affected Software1
Snyk
Snyk
added 2026/06/03 9:9 p.m.11 views

Server-side Request Forgery (SSRF)

Overview docling is a SDK and CLI for parsing PDF, DOCX, HTML, and more, to a unified document representation for powering downstream workflows such as gen AI applications. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the HTML rendering process when the...

8.2CVSS5.8AI score0.00384EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.15 views

PT-2026-46114

Name of the Vulnerable Software and Affected Versions Anti-Spam by CleanTalk versions 0.0.0 through 9.7.1 Description Reflected Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize API response messages before rendering them in HTML output. Specifically, the cleantalk di...

6.2AI score0.00161EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/02 1:42 a.m.21 views

SUSE CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References18
SUSE CVE
SUSE CVE
added 2026/06/02 1:40 a.m.14 views

SUSE CVE-2026-42502

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1CVSS6AI score0.00178EPSS
Exploits0References16
Rows per page
Query Builder