7 matches found

OSV · added 2026/05/26 7:05 p.m. · 7 views

GHSA-G2G4-47GV-P72V CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Summary CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...

CVSS 6.1 · AI score 6 · EPSS 0.00031
Exploits 0 · References 4

Positive Technologies
added 2026/05/20 12:00 a.m. · 7 views

PT-2026-42220

Name of the Vulnerable Software and Affected Versions CryptPad versions prior to 2026.2.0 Description The HTML sanitizer in Diffmarked.js contains a flaw where it fails to properly filter attributes on restricted tags. While the sanitizer validates the src attribute for , , and elements, it does...

CVSS 6.1 · AI score 5.9 · EPSS 0.00031
Exploits 0 · References 6

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2013-5363

Malware in sbrugna...

CVSS 4.3 · AI score 6.4 · EPSS 0.00545
Exploits 0 · References 8

Positive Technologies
added 2025/06/04 12:00 a.m. · 2 views

PT-2025-23847 · FreshRSS

Name of the Vulnerable Software and Affected Versions: FreshRSS versions prior to 1.26.2 Description: The issue allows an attacker to run arbitrary JavaScript on the feeds page by combining a cross-site scripting (XSS) issue in f.php with the lack of Content Security Policy (CSP) when SVG favicons ar...

CVSS 6.7 · AI score 5.8 · EPSS 0.00301
Exploits 1 · References 6

OSV
added 2016/09/11 10:59 a.m. · 0 views

UBUNTU-CVE-2016-5162

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...

CVSS 6.5 · AI score 7 · EPSS 0.00682
Exploits 0 · References 3

OSV
added 2016/08/08 12:59 a.m. · 0 views

CVE-2016-1474

Cisco Prime Infrastructure 2.22 does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different...

CVSS 4.3 · AI score 5.8
Exploits 0 · References 3

Positive Technologies
added 2012/08/12 12:00 a.m. · 6 views

PT-2012-4111

Name of the Vulnerable Software and Affected Versions WinWebMail Server version 3.8.1.6 Description The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, crafted Cascading Style Sheets (CSS) expressions...

CVSS 4.3 · AI score 6 · EPSS 0.00359
Exploits 1 · References 4