6680 matches found
BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
PT-2026-25378
Another example of the nodeIntegration: true / contextIsolation: false combination leading to a critical security vulnerability in a production Electron application. AnythingLLM Desktop is a popular local LLM + RAG tool. Their streaming chat renderer does not sanitise LLM output before DOM...
CVE-2026-32308
OneUptime prior to version 10.0.23 is affected by a Stored XSS in the Markdown viewer’s Mermaid diagram rendering. The renderer uses securityLevel: "loose" and injects Mermaid SVG output via innerHTML, allowing interactive bindings and enabling XSS via Mermaid’s click directive to execute arbitra...
CVE-2026-31860
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-31860 Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-31860
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...
CVE-2026-31860
CVE-2026-31860 affects Unhead prior to version 2.1.11, where the useHeadSafe() composable can be bypassed to inject arbitrary HTML attributes (including event handlers) into SSR-rendered tags via acceptDataAttrs. The vulnerability arises from allowing any key starting with data- (and even spaces...
EUVD-2026-11373
StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...
GHSA-PF93-J98V-25PV ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Summary The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...
Cross-site Scripting (XSS)
Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTML tags. An...
Cross-site Scripting (XSS)
Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTM...
GHSA-G5XX-PWRP-G3FV Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...
unhead 跨站脚本漏洞
unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the useHeadSafe function, which could be bypassed, allowing arbitrary HTML attributes to be injected in...
PT-2026-25020
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-32106
StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...
CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...
CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal
OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...
EUVD-2026-11176
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...