2913 matches found
EUVD-2026-28799
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
GHSA-C62G-J346-39V5 absinthe_plug Has a Cross-site Scripting vulnerability
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines in the...
CVE-2026-42794
CVE-2026-42794 is a reflected XSS in absinthe_plug via GraphiQL. The function Elixir.Absinthe.Plug.GraphiQL:js_escape/1 escapes single quotes and newlines in the query GET parameter but does not escape backslashes, enabling an attacker to prefix a quote with a backslash (e.g., ") to break out of ...
EEF-CVE-2026-42794 Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
Summary Improper Neutralization of Input During Web Page Generation XSS vulnerability in absinthe-graphql absintheplug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':jsescape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes and newlines i...
pupnp 安全漏洞
Pupnp is an open-source application developed by the Portable SDK for UPnP Devices. It’s a portable SDK for UPnP devices. Versions of Pupnp prior to 1.18.5 contained security vulnerabilities. These vulnerabilities were caused by the atoi function used in parseuri, which led to port truncation and...
PT-2026-39147
Name of the Vulnerable Software and Affected Versions absinthe plug versions 1.2.0 through 1.10.1 Description Reflected cross-site scripting is possible via the GraphiQL interface. The js escape/1 function in lib/absinthe/plug/graphiql.ex fails to escape backslashes when processing the query GET...
GHSA-375F-4R2H-F99J Bandit trusts client-supplied URI scheme on plaintext connections
Summary Bandit reflects the client-supplied URI scheme into conn.scheme without verifying the actual transport. Over a plaintext HTTP/1.1 connection or h2c, an unauthenticated attacker can send an absolute-form request target like GET https://victim/path HTTP/1.1 and the application observes...
[SECURITY] Fedora 43 Update: dovecot-2.4.3-2.fc43
Dovecot is an IMAP server for Linux/UNIX-like systems, written with security primarily in mind. It also contains a small POP3 server. It supports mail in either of maildir or mbox formats. The SQL drivers and authentication plug-ins are in their subpackages...
EUVD-2026-25845
Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 :scheme atom-table exhaustion...
Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion
Summary An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...
GHSA-Q8X4-X7MP-5VG2 Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion
Summary An unauthenticated remote denial-of-service vulnerability in Plug.Cowboy.Conn allows any attacker who can reach an HTTPS Plug.Cowboy listener via HTTP/2 to permanently exhaust the BEAM atom table and crash the entire Erlang VM. Am I Affected? All users running plugcowboy with HTTP/2 may b...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fixed a system hang that occurred during resume with a Thunderbolt monitor. Why This issue arises when using a Thunderbolt monitor and performing suspend or resume operations. During the resume procedure, the TBT...
Astra Linux – Vulnerability in wpa, pupnp-1.8
The Open Connectivity Foundation’s UPnP specification prior to April 17, 2020, does not prohibit the acceptance of a subscription request with a delivery URL located in a different network segment than the fully qualified event-subscription URL. This is known as the “CallStranger” issue...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: it6505: Initialize AUX channel in it6505i2cprobe During device booting, the HPD interrupt might be triggered before the DRM subsystem registers it6505 as a DRM bridge. In such cases, the driver attempts to access the...
Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: A fix was made to the NULL pointer dereference in dwc3gadgetsuspend. In current scenarios where “Plug-out” and “Plug-In” operations are performed continuously, there is a possibility that a NULL pointer...