CVE-2026-21513

CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. Affected component: MSHTML/MSHTML Framework used by Windows’ browsing/rendering stack. Root cause details are described in vendor advisories and security blogs as a protection mechanism bypass that can be triggered...

KB5075999: Windows 10 Version 1607 / Windows Server 2016 Security Update (February 2026)

The remote Windows host is missing security update 5075999. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML template rendering process. An attacker can execute arbitrary JavaScript in the context of a victim's browser by sending a specially crafted OAuth2 connection link containing a malicious display nam...

GHSA-V82V-C5X8-W282 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

Description The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-24771

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

EUVD-2026-4752

Hono vulnerable to XSS through ErrorBoundary component...

Hono vulnerable to XSS through ErrorBoundary component

Summary A Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as raw HTML, allowing arbitrary script execution in the victim's browser. Details The issue is in the...

PT-2026-5014

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description A Cross-Site Scripting XSS issue exists in the ErrorBoundary component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary script...

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

EUVD-2026-3778

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

5ire security vulnerabilities

5ire is a cross-platform desktop AI assistant developed by Ironben’s developers. Versions of 5ire prior to 0.15.3 contained security vulnerabilities. These vulnerabilities stemmed from insecure HTML rendering, which allowed unauthorized HTML execution. This could allow attackers to inject malicio...

PT-2026-3863

Name of the Vulnerable Software and Affected Versions 5ire versions prior to 0.15.3 Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering allows untrusted HTML, including on event attributes...

CVE-2025-13744

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component search across GitHub that could be used to exfiltrate sensitive information. An attacker would requi...

CVE-2025-13744

CVE-2025-13744 affects GitHub Enterprise Server. The issue is an Improper Neutralization of Input During Web Page Generation in the Filter (search) component, allowing attacker-controlled HTML to be rendered across GitHub and potentially exfiltrate sensitive information. An attacker must have per...

PT-2026-1508

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.20 GitHub Enterprise Server versions 3.14.20 GitHub Enterprise Server versions 3.15.15 GitHub Enterprise Server versions 3.16.11 GitHub Enterprise Server versions 3.17.8 GitHub Enterprise Server...