Lucene search
K

234 matches found

OSV
OSV
added 2026/03/18 8:17 p.m.2 views

GHSA-VCCX-P757-PV6H mo has a XSS via inline SVG script tags in Markdown rendering

Summary When rendering Markdown files containing inline SVG elements with tags, the embedded JavaScript is executed in the browser. This is due to rehype-raw passing raw HTML including SVG through to the DOM without sanitization. PoC html alert1 Embedding the above in a Markdown file opened with ...

2.3CVSS5.9AI score
Exploits0References2
Cvelist
Cvelist
added 2026/03/06 4:16 a.m.32 views

CVE-2026-28509 LangBot has a Cross Site Scripting(XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting XSS vulnerability. This issue has been patched in version 4.8.7...

6.3CVSS0.00187EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/06 4:16 a.m.5 views

CVE-2026-28509 LangBot has a Cross Site Scripting(XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting XSS vulnerability. This issue has been patched in version 4.8.7...

6.3CVSS5.7AI score0.00187EPSS
Exploits1References2
CVE
CVE
added 2026/03/06 4:16 a.m.10 views

CVE-2026-28509

LangBot’s web UI prior to version 4.8.7 renders user-supplied raw HTML via rehypeRaw, resulting in a cross-site scripting (XSS) vulnerability. Affected product: LangBot (global IM bot platform for LLMs). Root cause: unescaped user HTML processed by rehypeRaw. Impact (per CVSS): Confidentiality im...

6.3CVSS5.7AI score0.00187EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/03/06 4:16 a.m.7 views

CVE-2026-28509 LangBot has a Cross Site Scripting(XSS) Vulnerability

LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting XSS vulnerability. This issue has been patched in version 4.8.7...

6.3CVSS5.5AI score0.00187EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.6 views

LangBot 跨站脚本漏洞

LangBot is an open-source development platform for large-scale instant messaging robots created by LangBot. Versions of LangBot prior to 4.8.7 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of rehypeRaw to render the original HTML provided by users, which...

6.3CVSS5.6AI score0.00187EPSS
Exploits1References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in ignite-rehype-xo-cypress (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d4a51f0740e1612c51322e453536c8292d2bc79861076bc5c2b152821856564f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-179465

Malicious code in css-loader-rehype-toml-version npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-179284

Malicious code in docusaurus-thermosphere-aquarius-rehype npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.1 views

EUVD-2025-175799

Malicious code in update-hadron-rehype-phoenix npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-176731

Malicious code in rehype-mesosphere-orbit-puppeteer npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-176730

Malicious code in rehype-sequelize-avior-redis npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-179657

Malicious code in comet-rehype-transport-entanglement npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-175994

Malicious code in test-cache-rehype-backend npm...

6.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.6 views

Malicious code in cosmiconfig-xml-rehype-webpack (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c337d51a5afe782ff83bde8f55685686a71e8d4b23d52af00c64f247b76db8e7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.3 views

EUVD-2025-180089

Malicious code in betelgeuse-gammarayburst-puppeteer-rehype npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-179450

Malicious code in csv-mongodb-rehype-less-loader npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.1 views

EUVD-2025-178452

Malicious code in ignite-rehype-xo-cypress npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.4 views

EUVD-2025-179550

Malicious code in cosmiconfig-xml-rehype-webpack npm...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/11/13 3:23 a.m.2 views

EUVD-2025-178544

Malicious code in hercules-pyxis-rehype-hermes npm...

6.6AI score
Exploits0
Rows per page
Query Builder