
7 matches found

NVD
added 4 hours ago, 4 views

CVE-2026-54011

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, Open WebUI renders Mermaid blocks from Markdown files in the file preview panel and inserts the generated SVG into the DOM using innerHTML. Because Mermaid is configured with...

CVSS 8.7, EPSS 0.00037
Exploits: 0, References: 1
Github Security Blog
added 2025/08/19 8:16 p.m., 14 views

Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Summary In the default configuration of mermaid 11.9.0, user supplied input for architecture diagram icons is passed to the d3 html method, creating a sink for cross site scripting. Details Architecture diagram service iconText values are passed to the d3 html method, allowing malicious users to...

CVSS 6.1, AI score 5.3, EPSS 0.00342
Exploits: 1, References: 5, Affected software: 1
Debian CVE
added 2025/08/19 5:04 p.m., 4 views

CVE-2025-54881

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duri...

CVSS 5.3, AI score 5.2, EPSS 0.0071
Exploits: 0
Positive Technologies
added 2025/08/19 12:00 a.m., 4 views

PT-2025-33816

Name of the Vulnerable Software and Affected Versions: Mermaid versions 10.9.0-rc.1 through 11.9.0 Description: Mermaid is a JavaScript-based diagramming and charting tool that utilizes Markdown-inspired text definitions and a renderer to create and modify diagrams. In the default configuration,...

CVSS 5.3, AI score 4.7, EPSS 0.0071
Exploits: 0, References: 18
Tenable Nessus
added 2025/08/12 12:00 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-17022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is pasted directly int...

CVSS 6.1, AI score 7.5, EPSS 0.01988
Exploits: 0, References: 2
SUSE CVE
added 2023/02/15 4:07 a.m., 2 views

SUSE CVE-2019-17022

When pasting a style tag from the clipboard into a rich text editor, the CSS sanitizer does not escape and characters. Because the resulting string is pasted directly into the text node of the element this does not result in a direct injection into the webpage; however, if a webpage subsequently...

CVSS 6.1, AI score 8.2, EPSS 0.01988
Exploits: 0, References: 10
RedHat Linux
added 2009/06/25 3:07 p.m., 1 view

jar: scheme ignores the content-disposition: header on the inner URI

The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a...

CVSS 4.3, AI score 7.3, EPSS 0.01329
Exploits: 0, References: 4