SUSE CVE-2026-7899

Out of bounds read and write in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2026-7940

Use after free in V8 in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome Extension. Chromium security severity: Medium...

SUSE CVE-2026-7999

Inappropriate implementation in V8 in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

SUSE CVE-2026-23926

An authenticated non-super administrator can create a maintenance period with a JavaScript payload that is executed by any user that opens tooltip for that maintenance period in the Host navigator widget. This can allow the attacker to perform unauthorized actions depending on which user opens th...

SUSE CVE-2026-23928

The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an attacker to perform unauthorized actions depending on which user opens a dashboard containing these widgets. The malicious JavaScript would...

Nuclei 访问控制错误漏洞

Nuclei is a fast-customizable vulnerability scanner based on simple YAML, open-sourced by ProjectDiscovery. In versions 3.0.0 to 3.8.0 of Nuclei, there was an access control vulnerability. This vulnerability stemmed from the JavaScript protocol’s runtime feature, which allowed reading of local.js...

Ubuntu 24.04 LTS / 25.10 / 26.04 LTS : WebKitGTK vulnerabilities (USN-8237-1)

The remote Ubuntu 24.04 LTS / 25.10 / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8237-1 advisory. Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious...

Brave CMS 跨站脚本漏洞

Brave CMS is a blog and news content management system developed by Razvan Zamfir, based on Laravel. Brave CMS has a cross-site scripting vulnerability, which arises from the CKEditor rich text editor storing and rendering input content without escaping, potentially allowing for arbitrary...

PT-2026-39294

Name of the Vulnerable Software and Affected Versions Open WebUI versions 0.3.5 through 0.8.12 Description A stored cross-site scripting XSS issue allows authenticated users with model creation permissions workspace.models to execute arbitrary JavaScript in the browsers of other users, including...

Joern 4.0.536

Joern is the bug hunter's workbench. With this tool, you can uncover attack surface, sloppy coding practices, and variants of known vulnerabilities using an interactive code analysis shell. Joern supports C, C++, LLVM bitcode, x86 binaries via Ghidra, JVM bytecode via Soot, and Javascript...

PT-2026-39284

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.0 Description The AccountPending.svelte component renders admin-configured "Pending User Overlay Content" using marked.parse inside @html with an incorrect DOMPurify application order. DOMPurify is applied to t...

Scanner 代码注入漏洞

Scanner is an AI model security assessment tool developed by 0DIN.ai. Versions 1.0.0 to 1.4.1 of Scanner contained a code injection vulnerability. This vulnerability originated from JavaScript injection in BrowserAutomation::PlaywrightService, which could lead to remote code execution...

PT-2026-38966

Name of the Vulnerable Software and Affected Versions ai-scanner versions 1.0.0 through 1.4.0 Description Remote code execution is possible via JavaScript injection in the BrowserAutomation::PlaywrightService function. This software is an AI model safety scanner built on NVIDIA garak...

PT-2026-38646

Name of the Vulnerable Software and Affected Versions electerm versions prior to 3.7.16 Description The runWidget function in src/app/widgets/load-widget.js constructs a file path by directly concatenating user-supplied widget identifiers without sanitization. Since runWidget is exposed to the...

GHSA-3V85-FQVH-7RXF Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

Ech0's RSS feed renders unescaped tag names and raw-HTML markdown, stored XSS against subscribers

Summary The public RSS/Atom feed at /rss renders two attacker-controlled surfaces without HTML escaping. Tag names flow through fmt.AppendfrenderedContent, "%s", tag.Name at internal/service/common/common.go:120, and the Markdown renderer at internal/util/md/md.go does not set the html.SkipHTML...

Improper Encoding or Escaping of Output

Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the RSS feed rendering process. An attacker can execute arbitrary JavaScript in the context of RSS readers by injecting malicious tag names or raw HTML markdown content. This is only exploitab...

CVE-2026-41692

i18nextify is a JavaScript library that adds website internationalization via a script tag, without source code changes. Versions prior to 4.0.8 substitute key interpolation tokens inside src and href attribute values with the raw string returned by i18next.t. The substitution logic in...

CVE-2026-41929

Vvveb before 1.0.8.2 contains an unauthenticated reflected cross-site scripting vulnerability in the visual editor preview renderer that allows attackers to execute arbitrary JavaScript by manipulating the r query parameter and componentajax POST parameter. Attackers can craft a malicious link or...