6686 matches found
@docgeni/angular (=21.0.1), @jamelyassin/shadcn-angular (>=1.0.3 <=1.0.4) +14 more potentially affected by CVE-2026-27738 +1 more via @angular/ssr (>=21.1.2 <=21.2.13)
@angular/ssr NPM version =21.1.2, =1.0.3, =1.1.0, =2.0.0, =1.0.0, =0.0.2, =0.5.0, =0.1.2, =1.0.0, =1.1.5 - ngx-packages =21.3.2 and more Source cves: CVE-2026-27738, CVE-2026-33397 Source advisory: SNYK:JS-ANGULARSSR-15701178...
@hmcts/media-viewer (>=4.2.16-exui-4425 <=4.2.16-exui-4425-rel1) potentially affected by CVE-2026-33397 via @angular/ssr (=20.3.18)
@angular/ssr NPM version =20.3.18 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @hmcts/media-viewer =4.2.16-exui-4425, =4.2.16-exui-4425-rel1 Source cves: CVE-2026-33397 Source advisory: OSV:GHSA-VFX2-HV2G-XJ5F...
CVE-2026-33346 OpenEMR has stored XSS in portal_payment.php via Unescaped table_args
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.2, a stored cross-site scripting XSS vulnerability in the patient portal payment flow allows a patient portal user to persist arbitrary JavaScript that executes in the browser o...
CVE-2026-32866
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...
PT-2026-26308
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in a user profile. An authenticated attacker can inject parts of an XSS payload in their first and last name fields. The payload is executed when the user's full name is rendered. The...
PT-2026-26375
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting XSS through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...
PT-2026-26374
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...
PT-2026-26310
OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS payload in the first and last name fields. The payload is executed when the full name is rendered...
openSUSE 16 Security Update : MozillaFirefox (openSUSE-SU-2026:20365-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20365-1 advisory. - Firefox Extended Support Release 140.8.0 ESR bsc1258568 - CVE-2026-2757: Incorrect boundary conditions in the WebRTC: Audio/Video component -...
mo has a XSS via inline SVG script tags in Markdown rendering
Summary When rendering Markdown files containing inline SVG elements with tags, the embedded JavaScript is executed in the browser. This is due to rehype-raw passing raw HTML including SVG through to the DOM without sanitization. PoC html alert1 Embedding the above in a Markdown file opened with ...
GHSA-VCCX-P757-PV6H mo has a XSS via inline SVG script tags in Markdown rendering
Summary When rendering Markdown files containing inline SVG elements with tags, the embedded JavaScript is executed in the browser. This is due to rehype-raw passing raw HTML including SVG through to the DOM without sanitization. PoC html alert1 Embedding the above in a Markdown file opened with ...
USN-8097-2: roundcube regression
USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...
USN-8097-2 roundcube regression
USN-8097-1 fixed a vulnerability in roundcube. The update caused a regression affecting the HTML sanitizer, preventing Roundcube from rendering any email message body. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that Roundcube...
Researchers found font-rendering trick to hide malicious commands
Researchers have published a proof-of-concept PoC that uses custom fonts to fool many popular Artificial Intelligence AI assistants, including ChatGPT, Claude, Copilot, Gemini, Leo, Grok, Perplexity, Sigma, Dia, Fellou, and Genspark. Imagine a book where the visible text is harmless, but hidden...
GHSA-MVPM-V6Q4-M2PF SiYuan has Stored XSS to RCE via Unsanitized Bazaar Package Metadata
Stored XSS to RCE via Unsanitized Bazaar Package Metadata Summary SiYuan's Bazaar community marketplace renders package metadata fields displayName, description using template literals without HTML escaping. A malicious package author can inject arbitrary HTML/JavaScript into these fields, which...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the renderREADME process. An attacker can execute arbitrary JavaScript and achieve remote code execution by submitting a malicious package containing crafted HTML or Markdown in the README, which is rendered...
SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
GHSA-4663-4MPG-879V SiYuan has Stored XSS to RCE via Unsanitized Bazaar README Rendering
Stored XSS to RCE via Unsanitized Bazaar README Rendering Summary SiYuan's Bazaar community marketplace renders package README content without HTML sanitization. The backend renderREADME function uses lute.New without calling SetSanitizetrue, allowing raw HTML embedded in Markdown to pass through...
Craft CMS Vulnerable to Stored XSS in Revision Context Menu
The revision/draft context menu in the element editor renders the creator’s fullName as raw HTML due to the use of Template::raw combined with Craft::t string interpolation. A low-privileged control panel user e.g., Author can set their fullName to an XSS payload via the profile editor, then crea...
CVE-2026-32608
Glances is an open-source system cross-platform monitoring tool. The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime...