59 matches found
PT-2026-39288
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.7.0. Description: The software fails to escape HTML when storing and rendering Attribute View (AV) names. The kernel stores these names without escaping and uses a raw string replacement to embed them in HTML before...
Authelia Cross-Site Scripting Vulnerability
Authelia is a single sign-on multi-factor portal developed by Authelia OpenSource. Version 4.39.15 of Authelia contains a cross-site scripting vulnerability. This vulnerability arises from the lack of neutralization of the language cookie value during the rendering of HTML templates, whic...
Mattermost Confluence Plugin Security Vulnerability
The Mattermost Confluence Plugin is a plugin developed by the American company Mattermost. Versions of the Mattermost Confluence Plugin prior to version 1.7.0 contained security vulnerabilities. These vulnerabilities stemmed from improper escaping of user-controlled display names during HTML...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413 | Microsoft Outlook Remote Code Execution Vulne...
Cross-site Scripting (XSS)
Overview: label-studio is a Label Studio annotation tool. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the customhotkeys process. An attacker can execute arbitrary JavaScript in the context of another user's browser and gain unauthorized access to sensitive API...
EUVD-2019-3311
Malware in sbrugna...
EUVD-2013-2037
Malware in sbrugna...
EUVD-2003-0596
Malware in sbrugna...
EUVD-2025-0046
Malicious code in bioql PyPI...
EUVD-2021-33067
Malicious code in bioql PyPI...
EUVD-2022-28659
Malicious code in bioql PyPI...
EUVD-2022-5155
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-55601
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed bel...
jte's HTML templates containing Javascript template strings are subject to XSS
Summary: Jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. Details: The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
GHSA-VH22-6C6H-RM8Q jte's HTML templates containing Javascript template strings are subject to XSS
Summary: Jte HTML templates with script tags or script attributes that include a Javascript template string (backticks) are subject to XSS. Details: The javaScriptBlock and javaScriptAttribute methods in the Escape class source do not escape backticks, which are used for Javascript template strings...
SUSE SLES12 Security Update : go1.21 (SUSE-SU-2024:0800-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0800-1 advisory. - When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client...
Oracle Linux 9 : skopeo (ELSA-2023-7762)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7762 advisory. 2:1.13.3-3 - Rebuild with golang 1.20.10 - Related: Jira:RHEL-2786 2:1.13.3-2 - Rebuild with golang 1.21.3 - Related: Jira:RHEL-2786 Tenable has...
RHEL 9 : buildah (RHSA-2023:7764)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7764 advisory. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}" executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...
golang: html/template: improper handling of empty HTML attributes
A flaw was found in golang. Templates containing actions in unquoted HTML attributes, for example, "attr={{.}}" executed with empty input, could result in output that has unexpected results when parsed due to HTML normalization rules. This issue may allow the injection of arbitrary attributes into ta...