Lucene search
K

3473 matches found

CVE
CVE
added 2026/06/25 2:11 p.m.13 views

CVE-2026-57534

Summary: CVE-2026-57534 affects the pretix-pages plugin, where malicious HTML content can be injected into a page’s content, causing a stored XSS condition. The root cause is described as unsafe handling of page content within the plugin; exploitation details are not provided beyond the stored-XS...

2.1CVSS5.8AI score0.0033EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:13 p.m.5 views

CVE-2026-52796

Gogs is an open source self-hosted Git service. Prior to 0.14.3, specially crafted issue index pattern can cause a panic when rendering, resulting in denial of service. In internal/markup/markup.go, RenderIssueIndexPattern renders the issue index pattern to a link using com.Expand, which is not...

3.5CVSS5.9AI score0.00284EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability in Chromium

The incorrect security UI in Blink in Google Chrome prior to version 147.0.7727.55 allowed a remote attacker to perform UI spoofing through a crafted HTML page. Chromium security severity: Medium...

4.3CVSS6.7AI score0.00191EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

10CVSS6.1AI score0.00483EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Python 3.11

Python-Markdown version 3.8 contains a vulnerability where malformed HTML-like sequences can cause html.parser.HTMLParser to raise an unhandled AssertionError during Markdown parsing. Since Python-Markdown does not catch this exception, any application that processes Markdown controlled by...

8.2CVSS5.8AI score0.00566EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Chromium

In Google Chrome, before version 147.0.7727.55, Race in WebCodecs allowed a remote attacker to obtain potentially sensitive information from process memory through a crafted HTML page. Chromium security severity: Medium...

7.5CVSS6.6AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 11:53 a.m.6 views

EUVD-2026-38757

hono before 4.12.14 contains an html injection vulnerability in jsx server-side rendering that allows attackers to inject unintended html by using malformed attribute names. Attackers can craft specially crafted attribute keys containing characters like quotes or angle brackets to break html tag...

5.3CVSS6AI score0.00174EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/24 7:25 a.m.9 views

CVE-2026-54588

A flaw was found in Poweradmin, a web-based DNS administration tool. An unauthenticated attacker can exploit this vulnerability by manipulating the HTTPHOST request header. This manipulation allows the attacker to poison the redirecturi used in the OpenID Connect OIDC, Security Assertion Markup...

9.6CVSS5.8AI score0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.8 views

PT-2026-52041

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker who has already compromised the renderer process to retrieve potentially sensitive information from process memory...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-52048

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.197 Description An uninitialized use in the GPU component allows a remote attacker to obtain potentially sensitive information from process memory. This is achieved by inducing the victim t...

5.3CVSS5.8AI score0.00186EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.6 views

PT-2026-52164

Name of the Vulnerable Software and Affected Versions Drupal Advanced Content Feedback versions 0.0.0 through 2.8.0 Description Stored Cross-site Scripting XSS occurs when the module fails to sufficiently sanitize administrator-configured response messages. Specifically, the "Yes response", "No...

6AI score0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 10:9 p.m.27 views

CVE-2026-54588

Poweradmin (for PowerDNS) is affected by a Host Header Injection vulnerability in auth flows. Versions prior to 4.2.4 and 4.3.3 use the HTTP_HOST header as the authoritative source for building OIDC redirect_uri, SAML ACS/SLO URLs, and logout redirects without validation. An unauthenticated attac...

9.6CVSS6AI score0.00312EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 3:59 p.m.18 views

CVE-2026-13007

Tenable Identity Exposure exposes multiple unauthenticated API endpoints under /w/api/* that return sensitive configuration data (cleartext LDAP credentials, SAML config, user accounts, directory settings). Responses are served with Cache-Control: public and without Vary: Cookie, enabling reverse...

8.7CVSS5.9AI score0.00432EPSS
Exploits0References1
CVE
CVE
added 2026/06/23 3:54 p.m.30 views

CVE-2026-44791

CVE-2026-44791 (n8n): Affected product: n8n (open source workflow automation). Background: prior to 1.123.43, 2.20.7, and 2.22.1, an authenticated user with permission to create/modify workflows could bypass the XML node patch for CVE-2026-42232, enabling global prototype pollution in the XML Nod...

9.9CVSS6.1AI score0.00634EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/23 1:16 p.m.10 views

CVE-2026-56263

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS0.00195EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38442

Grav before 2.0.0-beta.2 contains an XML external entity injection vulnerability in SVG file upload processing that allows authenticated attackers to read arbitrary files. The application uses simplexmlloadstring without disabling external entity loading, enabling attackers to inject XXE payloads...

7.1CVSS6AI score0.00233EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/23 12:13 p.m.7 views

EUVD-2026-38433

Crawl4AI before 0.8.7 contains a stored cross-site scripting vulnerability in the monitor dashboard that renders crawl URLs and error messages via innerHTML without escaping. An attacker can submit a crafted crawl request with malicious markup that executes in an operator's browser when viewing t...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 12:13 p.m.12 views

CVE-2026-56263

CVE-2026-56263 affects Crawl4AI prior to 0.8.7. A stored cross-site scripting vulnerability exists in the monitor dashboard where crawl URLs and error messages are rendered via innerHTML without escaping. An attacker could submit a crafted crawl request and, when an operator views the dashboard, ...

6.1CVSS5.7AI score0.00195EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/22 11:58 p.m.6 views

Gogs has DoS in rendering issue index pattern

Summary Special template of issue index pattern may cause panic. Details in internal/markup/markup.go go link = fmt.Sprintf%s, com.Expandmetas"format", metas, m Issue index pattern is rendered to link with com.Expand. However, com.Expand is not safe. go i = strings.Indextemplate, "" if s, ok :=...

3.5CVSS5.8AI score0.00284EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/06/22 10:16 p.m.8 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
Rows per page
Query Builder