Lucene search
K

6686 matches found

Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.5 views

PT-2026-26189

Filament is a collection of full-stack components for accelerated Laravel development. Versions 4.0.0 through 4.8.4 and 5.0.0 through 5.3.4 have two Filament Table summarizers Range, Values that render raw database values without escaping HTML. If there is a lack of validation for the data in the...

7.3CVSS5.8AI score0.00296EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/18 12:0 a.m.6 views

PT-2026-26188

Name of the Vulnerable Software and Affected Versions SiYuan versions 3.6.0 and earlier SiYuan versions 3.5.9 and earlier Description SiYuan is a personal knowledge management system. The backend 'renderREADME' function uses 'lute.New' without calling 'SetSanitizetrue', allowing raw HTML embedded...

9CVSS6.7AI score0.00584EPSS
Exploits1References156
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-0602

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowe...

4.3CVSS5.9AI score0.00243EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/17 4:9 a.m.5 views

CVE-2026-3312

A flaw was found in Pagure's rendering engine for reStructuredText RST files. An authenticated user can exploit an unrestricted .. include:: directive within RST files to read arbitrary internal files from the server hosting Pagure. This information disclosure vulnerability allows unauthorized...

7.7CVSS5.8AI score
Exploits0References3
Redos
Redos
added 2026/03/17 12:0 a.m.2 views

ROS-20260317-73-0008

A vulnerability in drivers/gpu/drm/v3d/v3ddrv.h, drivers/gpu/drm/v3d/v3dgem.c, and drivers/gpu/drm/v3d/v3d/v3dirq.c modules of the Linux operating system kernel is related to pointer dereferencing. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

5.5CVSS5.8AI score0.00161EPSS
Exploits0
OSV
OSV
added 2026/03/16 10:15 p.m.7 views

USN-8101-1 vim vulnerabilities

Rahul Hoysala discovered that Vim did not correctly handle certain tag resolutions. An attacker could possibly use this issue to cause a denial of service. CVE-2026-25749 It was discovered that Vim did not correctly handle processing certain specialKey commands. An attacker could possibly use thi...

7.8CVSS6.3AI score0.01162EPSS
Exploits1References9
OSV
OSV
added 2026/03/16 4:26 p.m.8 views

GHSA-VCV2-Q258-WRG7 Glances has a Command Injection via Process Names in Action Command Templates

Summary The Glances action system allows administrators to configure shell commands that execute when monitoring thresholds are exceeded. These commands support Mustache template variables e.g., name, key that are populated with runtime monitoring data. The securepopen function, which executes...

7CVSS6.3AI score0.00243EPSS
Exploits1References5
NVD
NVD
added 2026/03/16 2:19 p.m.2 views

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...

9.6CVSS0.00721EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.5 views

PT-2026-25815

Summary LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped. Details LeafKit attempts to escape expressions during serialization, but due to...

6.9CVSS5.6AI score0.00265EPSS
Exploits1References11
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.6 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00265EPSS
Exploits1References6Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2026/03/16 12:0 a.m.8 views

LeafKit's HTML escaping may be skipped for Collection values, enabling XSS

LeafKit HTML-escaping is not working correctly when a template prints a collection Array / Dictionary via value. This can result in XSS, allowing potentially untrusted input to be rendered unescaped...

6.9CVSS5.7AI score0.00265EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

AnythingLLM 跨站脚本漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM 1.11.1 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the presence of a streaming-phase cross-site script in the chat rendering pipeline. Due to insecure...

9.6CVSS6.3AI score0.00721EPSS
Exploits1References2
Veracode
Veracode
added 2026/03/14 5:21 a.m.6 views

Arbitrary Code Injection

Craft CMS is vulnerable to Arbitrary Code Injection. The vulnerability is due to unsafe use of unsandboxed Twig rendering with user-controlled input in the conditions system, which allows an attacker to execute arbitrary code through crafted condition rules...

9.3CVSS6.2AI score0.00665EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/13 8:14 p.m.21 views

CVE-2026-32626

CVE-2026-32626 affects AnythingLLM Desktop (1.11.1 and earlier). The root cause is in the chat rendering pipeline where user-provided content is interpolated into the alt attribute of an image in frontend/src/utils/chat/markdown.js without HTML entity escaping, combined with rendering the output ...

9.6CVSS5.9AI score0.00721EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/13 8:14 p.m.5 views

CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...

9.6CVSS5.9AI score0.00721EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/13 8:14 p.m.44 views

CVE-2026-32626 AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...

9.6CVSS0.00721EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/13 8:0 p.m.11 views

EUVD-2026-11720

OneUptime: Stored XSS via Mermaid Diagram Rendering securityLevel: "loose"...

7.6CVSS5.8AI score0.00224EPSS
Exploits1References2
OSV
OSV
added 2026/03/13 8:0 p.m.3 views

GHSA-WVH5-6VJM-23QH OneUptime: Stored XSS via Mermaid Diagram Rendering (securityLevel: "loose")

Summary The Markdown viewer component renders Mermaid diagrams with securityLevel: "loose" and injects the SVG output via innerHTML. This configuration explicitly allows interactive event bindings in Mermaid diagrams, enabling XSS through Mermaid's click directive which can execute arbitrary...

7.6CVSS6.2AI score0.00224EPSS
Exploits1References4
NVD
NVD
added 2026/03/13 7:54 p.m.4 views

CVE-2026-31864

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/13 7:22 p.m.3 views

EUVD-2026-12085

JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...

6.8CVSS6.2AI score0.00347EPSS
Exploits0References2
Rows per page
Query Builder