Lucene search
K

440 matches found

CVE
CVE
added 2026/05/26 5:43 p.m.26 views

CVE-2026-44669

CVE-2026-44669 affects FACTION, a PenTesting Report Generation and Collaboration Framework. Before version 1.8.3, it is vulnerable to stored XSS in attachment filenames used in the assessment file preview flow. User-supplied filename values are persisted server-side and later rendered into HTML/a...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/26 5:42 p.m.22 views

EUVD-2026-31942

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 5:42 p.m.41 views

CVE-2026-44667 Faction: Stored XSS in Remediation Verification Attachment Filename Preview Rendering

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-43347

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43345

FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting XSS via attachment filenames in remediation verification file preview flows. User-supplied filename values are persisted and then rendered into HTML and...

8.7CVSS5.8AI score0.00211EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

Faction 安全漏洞

Faction is an open-source report generation and evaluation framework developed by Faction Security. Versions of Faction prior to 1.8.3 contained security vulnerabilities. These vulnerabilities stemmed from the lack of output encoding for attachment file names during the evaluation file preview...

8.7CVSS5.7AI score0.00211EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/25 2:5 p.m.9 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00199EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 2026/05/25 2:5 p.m.18 views

CVE-2026-9078

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2
CVE
CVE
added 2026/05/25 2:5 p.m.35 views

CVE-2026-9078

Firefox for iOS suffers a rendering issue in link-preview UI where specially crafted RTL and internationalized domain names could cause the displayed domain to visually reorder, making attacker-controlled sites appear as trusted origins. The vulnerability affects the RTL/IDN rendering surface wit...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/25 2:5 p.m.8 views

CVE-2026-9078 Firefox iOS RTL Domain Rendering Issue in Link Preview

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00199EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/25 2:5 p.m.11 views

EUVD-2026-31693

Firefox for iOS displayed specially crafted right-to-left RTL and internationalized domain names IDNs incorrectly in link preview UI surfaces. A crafted RTL hostname could visually reorder portions of the displayed domain, causing attacker-controlled sites to appear as trusted origins. This...

5.8AI score0.00199EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.22 views

PT-2026-43074

Name of the Vulnerable Software and Affected Versions Firefox for iOS versions prior to 151.1 Description Firefox for iOS incorrectly displayed specially crafted right-to-left RTL and internationalized domain names IDNs within link preview UI surfaces. A crafted RTL hostname could visually reorde...

5.4CVSS5.8AI score0.00199EPSS
Exploits0References5
OSV
OSV
added 2026/05/21 8:43 p.m.4 views

GHSA-GFP8-MP24-5VXG @hulumi/baseline: CloudTrail selector tampering events were not fully detected

Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration. Patched in 1.3.2: detection coverage and regression tests were expanded. Remediation: upgrade @hulumi/baseline to 1.3.2 or lat...

6.9CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/21 8:43 p.m.15 views

@hulumi/baseline: CloudTrail selector tampering events were not fully detected

Impact: @hulumi/baseline versions before 1.3.2 could miss some CloudTrail event-selector tampering evidence, reducing coverage for changes to audit logging configuration. Patched in 1.3.2: detection coverage and regression tests were expanded. Remediation: upgrade @hulumi/baseline to 1.3.2 or lat...

5.8AI score
Exploits0References2Affected Software1
NVD
NVD
added 2026/05/16 4:16 p.m.16 views

CVE-2020-37233

WordPress Plugin Buddypress 6.2.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers with moderator privileges to inject malicious script code through the figure parameter in wp:html blocks. Attackers can inject iframe elements with event handlers like...

6.4CVSS0.00235EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 9:28 p.m.10 views

CVE-2026-45318 Open WebUI: Stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.3, his advisory tracks a regression of the original Excel-preview XSS CVE-2026-44549. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify ...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References1
OSV
OSV
added 2026/05/14 8:18 p.m.6 views

GHSA-HCWP-82G6-8WXC Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview rendering ({@html} without DOMPurify)

Related advisory This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under GHSA-jwf8-pv5p-vhmc patched in v0.8.0. The same root cause — XLSX.utils.sheettohtml output rendered via @html excelHtml without DOMPurify — was reintroduced sometime...

5.4CVSS5.8AI score0.00209EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-41171

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description Open WebUI renders user-uploaded Office files, such as Excel and DOCX, as HTML using the @html directive without applying DOMPurify sanitization. This lack of sanitization allows for Stored...

5.4CVSS6AI score0.00209EPSS
Exploits1References8
NVD
NVD
added 2026/05/08 8:16 p.m.22 views

CVE-2026-42181

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

6.5CVSS0.00209EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/08 7:26 p.m.8 views

CVE-2026-42181

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.19.18, Lemmy fetches metadata for user-supplied post URLs and, under the default StoreLinkPreviews image mode, downloads the preview image through local pict-rs. While the top-level page URL is checked against internal IP...

6.5CVSS5.7AI score0.00209EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder