ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

CVE-2026-43899 DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass RCE. While the patch correctly restricted...

CVE-2026-43899

DeepChat (open-source AI agent platform) has a CVE-2026-43899 stating an incomplete fix for CVE-2025-55733 prior to v1.0.4-beta.1. The issue: mitigation restricted api.openExternal() in renderer preload/index.ts but did not sanitize native Electron pop-up window handlers, allowing a compromised A...

Cross-site Scripting (XSS)

Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of the pending user overlay content due to improper sanitization order. An attacker can execute arbitrary JavaScript in the browser context of affected users ...

CVE-2026-41063

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-41063 WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-41063

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

CVE-2026-41063 WWBN AVideo has incomplete fix for CVE-2026-33500 (XSS)

WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An attacker can execute arbitrary JavaScript in the context...

WWBN AVideo has an incomplete fix for CVE-2026-33500: XSS

Summary The incomplete XSS fix in AVideo's ParsedownSafeWithLinks class overrides inlineMarkup for raw HTML but does not override inlineLink or inlineUrlTag, allowing javascript: URLs in markdown link syntax to bypass sanitization. Affected Package - Ecosystem: Other - Package: AVideo - Affected...

Vikunja has HTML Injection via Task Titles in Overdue Email Notifications

Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...

GHSA-45Q4-X4R9-8FQJ Vikunja has HTML Injection via Task Titles in Overdue Email Notifications

Summary Task titles are embedded directly into Markdown link syntax in overdue email notifications without escaping Markdown special characters. When rendered by goldmark and sanitized by bluemonday which allows and tags, injected Markdown constructs produce phishing links and tracking pixels in...

CVE-2026-35166

Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in...

Hugo 跨站脚本漏洞

Hugo is a framework based on the Go language used for quickly generating static websites within the Gohugoio community. Versions of Hugo from 0.60.0 to 0.159.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper escaping of links and image links in the default...

CVE-2026-33500

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVE-2026-33500

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

CVE-2026-33500 AVideo Vulnerable to Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

WWBN AVideo is an open source video platform. In versions up to and including 26.0, the fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass:...

AVideo - Incomplete Fix for CVE-2026-27568: Stored XSS via Markdown `javascript:` URI Bypasses ParsedownSafeWithLinks Sanitization

Summary The fix for CVE-2026-27568 GHSA-rcqw-6466-3mv7 introduced a custom ParsedownSafeWithLinks class that sanitizes raw HTML and tags in comments, but explicitly disables Parsedown's safeMode. This creates a bypass: markdown link syntax text is processed by Parsedown's inlineLink method, which...