UBUNTU-CVE-2026-41150

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, if they use the excludes attribute to exclude all dates. mermaid.parse is unaffected, unless you th...

Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-27136)

The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-27136 advisory. - Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML...

Apache ECharts 安全漏洞

Apache ECharts is a data visualization charting library from the Apache USA Foundation. A security vulnerability exists in Apache ECharts versions prior to 6.1.0, which stems from a failure to escape HTML strings in the rendering logic of the Lines family of tooltips, potentially leading to a...

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVE-2026-27136

CVE-2026-27136 affects golang.org/x/net/html. The issue arises when parsing HTML and rendering via Render, yielding an unexpected HTML tree due to duplicate attributes, which can enable XSS in applications that sanitize input HTML before rendering. The connected docs specify the vulnerability inv...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of unescaped name and version metadata fields. An attacker can execute arbitrary scripts or code within the application context by submitting specially crafted package metadata. Details...

PT-2026-41170

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.3 Description An application-wide Cross-Site Request Forgery CSRF issue exists in the image uploading functionality. An attacker can set an image URL to a malicious endpoint, causing any authenticated user who...

openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20621-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20621-1 advisory. Update to Firefox Extended Support Release 140.10.0 ESR. - MFSA 2026-32 bsc1262230: CVE-2026-6746: Use-after-free in the DOM: Core & HTML...

CVE-2026-34365

InvoiceShelf CVE-2026-34365 describes a Server-Side Request Forgery in the Estimate PDF generation module prior to v2.2.0. User-supplied HTML in the estimate Notes field is passed unsanitised to the Dompdf rendering library, which can fetch remote resources, enabling SSRF via the PDF preview and ...

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the rendering process of saved names in the Cabinet Plugin list view. An authenticated user can execute arbitrary scripts in a victim's browser by injecting malicious input, potentially leading to unauthorize...

📄 Moodle TeX Formula Rendering Denial of Service

A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...

Cross-site Scripting (XSS)

Overview beautiful-mermaid is a Render Mermaid diagrams as beautiful SVGs or ASCII art. Ultra-fast, fully themeable, zero DOM dependencies. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the interpolation of user-controlled values from style and classDef directiv...

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software DoS (cisco-sa-tce-roomos-dos-9V9jrC2q)

According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service is affected by a vulnerability. - A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software cou...

CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

CVE-2026-20119

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

EUVD-2020-0528

Malware in sbrugna...

EUVD-2018-7987

Malware in sbrugna...

EUVD-2025-25223

Malicious code in bioql PyPI...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox-ESR to version 140.3 or higher. Reference...