Lucene search
K

70 matches found

NVD
NVD
added 2026/07/02 8:17 p.m.6 views

CVE-2026-58579

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS0.00182EPSS
Exploits0References5
EUVD
EUVD
added 2026/07/02 7:38 p.m.12 views

EUVD-2026-41421

RAGFlow before 0.26.3 stores an agent pipeline DSL node name without sanitization: the agent update endpoint normalizes the submitted DSL via normalizedsl, which only performs JSON serialization validation and preserves the node name verbatim. The dataflow-result web UI then renders that name int...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References5
CVE
CVE
added 2026/07/02 7:38 p.m.20 views

CVE-2026-58579

RAGFlow before 0.26.3 stores an agent pipeline (DSL) node name without sanitization. The update endpoint normalizes DSL via JSON serialization but preserves the node name, and the dataflow-result UI renders it with dangerouslySetInnerHTML while i18next escapeValue is false, allowing an authentica...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.4 views

SUSE SLES12 Security Update : perl-XML-LibXML (SUSE-SU-2026:2402-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:2402-1 advisory. This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing...

7.5CVSS5.9AI score0.00531EPSS
Exploits0References4
OSV
OSV
added 2026/06/15 5:3 p.m.4 views

SUSE-SU-2026:2402-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.2AI score0.00531EPSS
Exploits0References3
SUSE Linux
SUSE Linux
added 2026/06/09 2:33 p.m.8 views

Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

8.2CVSS5.4AI score0.00531EPSS
Exploits0References4
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-XML-LibXML

Issue Overview: XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjace...

7.5CVSS5.5AI score0.00531EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.11 views

Amazon Linux 2 : perl-XML-LibXML, --advisory ALAS2-2026-3342 (ALAS-2026-3342)

The version of perl-XML-LibXML installed on the remote host is prior to 2.0018-5. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3342 advisory. XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncat...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.10 views

CVE-2026-8177

XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory...

7.5CVSS5.5AI score0.00531EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 10:41 a.m.4 views

SUSE-SU-2026:22081-1 Security update for perl-XML-LibXML

This update for perl-XML-LibXML fixes the following issue - CVE-2026-8177: read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences bsc1264715...

7.5CVSS5.2AI score0.00531EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/03 9:6 p.m.16 views

malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.1AI score0.00174EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/03 9:6 p.m.8 views

GHSA-CH57-39Q2-4CRM malla: Stored XSS via Meshtastic node names in multiple frontend pages

Node names longname, shortname received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor. Affecte...

6.3CVSS6.1AI score0.00174EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.10 views

PT-2026-46092

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3CVSS6.1AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.14 views

PT-2026-46117

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...

6.3CVSS6.1AI score0.00174EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 p.m.15 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS6.1AI score0.00317EPSS
Exploits1References1
NVD
NVD
added 2026/05/28 6:16 p.m.14 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS0.00317EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:54 p.m.11 views

CVE-2026-45323

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS6.1AI score0.00317EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/28 4:54 p.m.9 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS6.1AI score0.00317EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/28 4:54 p.m.33 views

CVE-2026-45323 MeshCore Card: XSS vulnerability through meshcore node name

MeshCore Card provides MeshCore Lovelace card for Home Assistant. Prior to 0.3.3, Meshcore node names are rendered without HTML escaping in meshcore-card, allowing any node within direct or indirect repeated radio range to execute arbitrary javascript in the Home Assistant frontend of anyone...

9.6CVSS0.00317EPSS
Exploits1References1
CVE
CVE
added 2026/05/28 4:54 p.m.111 views

CVE-2026-45323

Summary: CVE-2026-45323 affects MeshCore Card for Home Assistant. Before version 0.3.3, node names in the meshcore-card were rendered without HTML escaping, enabling an attacker within direct or indirect (repeated) radio range to inject arbitrary JavaScript in the Home Assistant frontend of any v...

9.6CVSS6.1AI score0.00317EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder