Lucene search
K

453 matches found

Snyk
Snyk
added 2026/04/10 7:22 p.m.4 views

Cross-site Scripting (XSS)

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8CVSS5.5AI score0.00216EPSS
Exploits1References2
NVD
NVD
added 2026/04/09 10:16 p.m.6 views

CVE-2026-40112

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

6.1CVSS0.00216EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/09 9:16 p.m.3 views

CVE-2026-40112

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The sanitizehtml function relies on the nh3 library, which is not listed as a required or optional dependency in pyproject.toml...

5.4CVSS6AI score0.00216EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/04/08 6:34 p.m.9 views

EUVD-2026-20511

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

6.1AI score0.00236EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/08 12:0 a.m.20 views

CVE-2026-31017

A Server-Side Request Forgery SSRF vulnerability exists in the Print Format functionality of ERPNext v16.0.1 and Frappe Framework v16.1.1, where user-supplied HTML is insufficiently sanitized before being rendered into PDF. When generating PDFs from user-controlled HTML content, the application...

0.00236EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 3:47 p.m.4 views

CVE-2026-35218

Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names tables, views, queries, automations using Svelte's @html directive without any sanitization. An authenticated user with Builder access can create a table, automation, vie...

8.7CVSS5.8AI score0.0033EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.5 views

PT-2026-29978

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment...

6.1CVSS5.9AI score0.00251EPSS
Exploits0References8
Snyk
Snyk
added 2026/03/31 11:12 p.m.5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the cleanupXss function when sanitizing HTML content with conflicting htmLawed configuration options. An attacker can execute arbitrary JavaScript in the context of the affected application by injecting...

6.1CVSS6AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:0 p.m.4 views

CVE-2026-2995

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

7.7CVSS5.8AI score0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.4 views

EUVD-2026-15811

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

7.7CVSS5.8AI score0.00187EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 5:16 p.m.4 views

CVE-2026-2995

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

7.7CVSS0.00187EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/25 4:33 p.m.6 views

CVE-2026-2995 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email addresses to targeted user accounts due to improper sanitization of HTML content...

7.7CVSS5.8AI score0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/03/25 4:33 p.m.32 views

CVE-2026-2995

Summary: CVE-2026-2995 affects GitLab Enterprise Edition (GitLab EE) and was fixed via patch releases. Affected versions (as remediated): all GitLab EE versions from 15.4 before 18.8.7; 18.9 before 18.9.3; and 18.10 before 18.10.1. Root cause / vulnerability: improper sanitization of HTML content...

7.7CVSS5.8AI score0.00187EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 4:33 p.m.5 views

CVE-2026-2995

Removed by vendor...

7.7CVSS5.8AI score0.00187EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.16 views

PT-2026-27992

Name of the Vulnerable Software and Affected Versions GitLab EE versions 15.4 through 18.8.6 GitLab EE versions 18.9 through 18.9.2 GitLab EE versions 18.10 through 18.10.0 Description An authenticated user could add email addresses to targeted user accounts due to improper sanitization of HTML...

7.7CVSS5.9AI score0.00187EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.5 views

GitLab 15.4 < 18.8.7 / 18.9 < 18.9.3 / 18.10 < 18.10.1 (CVE-2026-2995)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab EE affecting all versions from 15.4 before 18.8.7, 18.9 before 18.9.3, and 18.10 before 18.10.1 that could have allowed an authenticated user to add email...

7.7CVSS5.9AI score0.00187EPSS
Exploits0References5
OSV
OSV
added 2026/03/20 8:56 p.m.5 views

GHSA-72H5-39R7-R26J AVideo - Incomplete Fix for CVE-2026-27568: Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

Summary The fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass: markdown link syntax text is processed by Parsedown's inlineLink method, which...

5.4CVSS5.9AI score0.00218EPSS
Exploits2References4
NVD
NVD
added 2026/03/20 9:16 a.m.11 views

CVE-2026-33066

SiYuan is a personal knowledge management system. In versions 3.6.0 and below, the backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through unmodified. The frontend then assigns the rendered HTML to innerHTML without any...

9CVSS0.00584EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/19 8:52 p.m.5 views

EUVD-2026-13192

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, the onebox method in the SharedAiConversation model renders the conversation title directly into HTML without proper sanitization. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 conta...

5.1CVSS5.7AI score0.00347EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/09 12:0 a.m.3 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Bleach vulnerabilities (USN-8077-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8077-1 advisory. It was discovered that Bleach did not properly sanitize URI attributes containing character entities. An attacker could possibly...

9.8CVSS5.4AI score0.02229EPSS
Exploits4References6
Rows per page
Query Builder