Lucene search
K

231 matches found

ATTACKERKB
ATTACKERKB
added 3 days ago4 views

CVE-2026-55408

Koodo Reader is an ebook reader. In version 2.3.0 and earlier, Koodo Reader is vulnerable to remote code execution through malicious EPUB files because the open-book IPC handler enables nodeIntegrationInSubFrames and EPUB chapter content is rendered with unsanitized innerHTML. An attacker can cra...

8.4CVSS6.8AI score0.00188EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/23 4:47 p.m.12 views

CVE-2026-54011

Open WebUI vulnerability CVE-2026-54011 is a stored XSS in Mermaid Markdown Preview. Affected versions include main and 0.8.12; the Mermaid rendering uses securityLevel: 'loose' and injects SVG via innerHTML in the file preview path, enabling JavaScript execution in the app origin. The issue is c...

8.7CVSS6AI score0.002EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/23 1:16 p.m.4 views

PYSEC-2026-230

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

5.3CVSS5.6AI score0.00417EPSS
Exploits0References3
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS0.00195EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/23 1:16 p.m.6 views

PYSEC-2026-230

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.6AI score0.00195EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/23 12:13 p.m.5 views

CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:27 p.m.3 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/22 3:27 p.m.76 views

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/22 3:27 p.m.6 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS5.8AI score0.00195EPSS
Exploits0
NVD
NVD
added 2026/06/22 2:17 p.m.11 views

CVE-2026-9029

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS0.00266EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/22 1:18 p.m.33 views

CVE-2026-9029 Stored XSS via Geomap Panel Template Variable Attribution Injection

The geomap panel's XYZ tile layer has a sanitize-then-interpolate ordering bug. sanitizeTextPanelContent runs on the raw template string before getTemplateSrv.replace substitutes the variable value, which uses the glob format with no HTML escaping. The result is passed to OpenLayers via...

7.3CVSS0.00266EPSS
Exploits0References1
NVD
NVD
added 2026/06/20 4:17 p.m.14 views

CVE-2026-56317

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

6.1CVSS0.00209EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/20 3:21 p.m.7 views

EUVD-2026-38112

Nuxt before 4.4.7 and the 3.x branch before 3.21.7 contains a cross-site scripting vulnerability in the NoScript component that writes slot content to innerHTML without escaping. Attackers can inject malicious scripts through untrusted data in NoScript slots, such as route.query parameters, which...

2.3CVSS5.7AI score0.00209EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.10 views

PT-2026-51065

Name of the Vulnerable Software and Affected Versions jupyterlab-git affected versions not specified Description A stored cross-site scripting XSS issue exists in the PlainTextDiff.ts component of the jupyterlab-git extension. The createHeader function passes Git filenames directly to innerHTML...

9.3CVSS6.6AI score0.00284EPSS
Exploits1References7
OSV
OSV
added 2026/06/17 6:10 p.m.2 views

GHSA-9CPJ-QC93-VW8V Gitea: Stored XSS via glTF `extensionsRequired` in Gitea 3D File Viewer

Summary Me again. Gitea's built-in 3D file viewer powered by Online3DViewer is vulnerable to stored cross-site scripting XSS through crafted .gltf files. When a glTF file declares an unsupported required extension, Online3DViewer generates an error message containing the extension name and Gitea...

8.7CVSS5.8AI score0.00336EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.14 views

PT-2026-50586

Name of the Vulnerable Software and Affected Versions Gitea versions 1.25.0 and later Description Gitea is subject to stored cross-site scripting XSS through the built-in 3D file viewer, which utilizes the Online3DViewer library. The issue occurs when a .gltf file contains an unsupported extensio...

8.7CVSS6AI score0.00336EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.13 views

PT-2026-51506

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description A stored cross-site scripting issue exists in the monitor dashboard. The application renders crawl URLs and error messages using innerHTML without proper escaping. This allows an attacker to submit ...

9.3CVSS5.6AI score0.00195EPSS
Exploits0References17
OSV
OSV
added 2026/06/15 5:22 p.m.3 views

GHSA-58W9-8G37-X9V5 @angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 5:22 p.m.69 views

@angular/compiler: Two-Way Property Binding Sanitization Bypass (XSS)

An issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property bindings. Specifically, when a native DOM property that requires sanitization such as innerHTML, srcdoc, src, href, data, or sandbox is bound using the two-way binding syntax...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added 2026/06/10 5:42 p.m.12 views

EUVD-2026-36077

draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.12, a crafted .drawio file can execute arbitrary JavaScript in the editor's origin when the file is opened. The vulnerability is not in the label sanitizer which works correctly on the rendering path but in...

6.1CVSS5.9AI score0.00221EPSS
Exploits1References2
Rows per page
Query Builder