
49 matches found

OSV
added 3 days ago, 4 views

GO-2026-4960 Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server

Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server...

CVSS 8.8 | AI score 5.8 | EPSS 0.00051
Exploits: 0 | References: 5
RedhatCVE
added 2026/04/22 7:22 a.m., 0 views

CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 1
Github Security Blog
added 2026/04/21 5:24 p.m., 4 views

Neko has a Self-service Privilege Escalation for Authenticated Users

Impact: Any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session termination, etc.). This results in a complete compromise of the instance. Patches: The vulnerability has been patched in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2026/04/21 5:24 p.m., 2 views

GHSA-2GW9-C2R2-F5QF Neko has a Self-service Privilege Escalation for Authenticated Users

Impact: Any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session termination, etc.). This results in a complete compromise of the instance. Patches: The vulnerability has been patched in the...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 7
EUVD
added 2026/04/21 5:24 p.m., 1 view

EUVD-2026-24027

Neko has a Self-service Privilege Escalation for Authenticated Users...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 6
NVD
added 2026/04/21 1:16 a.m., 0 views

CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

CVSS 8.8 | EPSS 0.00051
Exploits: 0 | References: 3
Vulnrichment
added 2026/04/21 12:50 a.m., 3 views

CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 3
Cvelist
added 2026/04/21 12:50 a.m., 27 views

CVE-2026-39386 Neko has Self-service Privilege Escalation for Authenticated Users

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

CVSS 8.8 | EPSS 0.00051
Exploits: 0 | References: 3
CVE
added 2026/04/21 12:50 a.m., 8 views

CVE-2026-39386

CVE-2026-39386 affects the Neko self-hosted virtual browser running in Docker with WebRTC. In versions 3.0.0–3.0.10 and 3.1.0–3.1.1, any authenticated user can escalate privileges to obtain full administrative control over the instance (e.g., member management, room settings, broadcast control, s...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/21 12:50 a.m., 0 views

CVE-2026-39386

Neko is a self-hosted virtual browser that runs in Docker and uses WebRTC. In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative control of the entire Neko instance (member management, room settings, broadcast control, session...

CVSS 8.8 | AI score 5.7 | EPSS 0.00051
Exploits: 0 | References: 4 | Affected Software: 1
Positive Technologies
added 2026/04/21 12:0 a.m., 1 view

PT-2026-33880

Name of the Vulnerable Software and Affected Versions: Neko versions 3.0.0 through 3.0.10; Neko versions 3.1.0 through 3.1.1. Description: An issue allows any authenticated user to obtain full administrative control of the Neko instance, including member management, room settings, broadcast control,...

CVSS 8.8 | AI score 5.2 | EPSS 0.00051
Exploits: 0 | References: 12
EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2022-1739

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.6 | EPSS 0.00184
Exploits: 0 | References: 7
RedhatCVE
added 2025/05/22 10:41 p.m., 4 views

CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVSS 7.5 | AI score 6.1 | EPSS 0.00454
Exploits: 0 | References: 1
Github Security Blog
added 2024/02/02 6:10 p.m., 23 views

Malicious input can provoke XSS when preserving comments

Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in...

CVSS 6.1 | AI score 6 | EPSS 0.00211
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2023/11/22 12:0 a.m., 20 views

Atlassian Confluence 7.13.x / 8.1.x / 8.2.x / 8.3.x / 8.6.0 < 8.6.1 (CONFSERVER-93169)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-93169 advisory. - Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory...

CVSS 7.5 | AI score 7.1 | EPSS 0.00454
Exploits: 0 | References: 2
Atlassian
added 2023/11/03 12:45 a.m., 49 views

DoS (Denial of Service) net.sourceforge.nekohtml:nekohtml in Confluence Data Center and Server

This High severity Third-Party Dependency vulnerability was introduced in versions 7.13.0, 7.19, 8.1.0, 8.2.0, 8.3.0 and 8.5 of Confluence Data Center and Server. This Third-Party Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H...

CVSS 7.5 | AI score 7.3 | EPSS 0.00454
Exploits: 0
Github Security Blog
added 2023/10/09 12:42 a.m., 62 views

mXSS in AntiSamy

Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file and also allow for certain tags at the same time. As a result,...

CVSS 6.1 | AI score 6 | EPSS 0.00463
Exploits: 1 | References: 4 | Affected Software: 1
SUSE CVE
added 2023/02/15 3:26 a.m., 2 views

SUSE CVE-2022-28366

Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...

CVSS 7.5 | AI score 7.1 | EPSS 0.00184
Exploits: 0 | References: 7
IBM Security Bulletins
added 2023/02/14 9:14 p.m., 46 views

Security Bulletin: A vulnerability (CVE-2022-24839) in WebSphere Application Server Liberty affects IBM CICS TX Standard

Summary: WebSphere Application Server Liberty is used by IBM CICS TX Standard. The fix removes vulnerability CVE-2022-24839, in the Neko HTML library used by IBM WebSphere Application Server Liberty, that could allow a remote attacker to cause a denial of service condition. Vulnerability Details...

CVSS 7.5 | AI score 7.3 | EPSS 0.00454
Exploits: 0 | Affected Software: 1
IBM Security Bulletins
added 2023/02/14 9:4 p.m., 37 views

Security Bulletin: A vulnerability (CVE-2022-24839) in WebSphere Application Server Liberty affects IBM CICS TX Advanced

Summary: WebSphere Application Server Liberty is used by IBM CICS TX Advanced. The fix removes vulnerability CVE-2022-24839, in the Neko HTML library used by IBM WebSphere Application Server Liberty, that could allow a remote attacker to cause a denial of service condition. Vulnerability Details...

CVSS 7.5 | AI score 7.3 | EPSS 0.00454
Exploits: 0 | Affected Software: 1