Lucene search
K

6680 matches found

OSV
OSV
added 2026/03/13 9:35 a.m.4 views

BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.9 views

PT-2026-25378

Another example of the nodeIntegration: true / contextIsolation: false combination leading to a critical security vulnerability in a production Electron application. AnythingLLM Desktop is a popular local LLM + RAG tool. Their streaming chat renderer does not sanitise LLM output before DOM...

9.6CVSS6.5AI score0.00721EPSS
Exploits1References11
CVE
CVE
added 2026/03/12 9:29 p.m.182 views

CVE-2026-32308

OneUptime prior to version 10.0.23 is affected by a Stored XSS in the Markdown viewer’s Mermaid diagram rendering. The renderer uses securityLevel: "loose" and injects Mermaid SVG output via innerHTML, allowing interactive bindings and enabling XSS via Mermaid’s click directive to execute arbitra...

7.6CVSS6AI score0.00224EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2026/03/12 6:16 p.m.2 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

6.1CVSS0.00258EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:18 p.m.1 views

CVE-2026-31860 Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

5.3CVSS5.9AI score0.00258EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:18 p.m.2 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...

5.3CVSS5.9AI score0.00258EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/12 5:18 p.m.14 views

CVE-2026-31860

CVE-2026-31860 affects Unhead prior to version 2.1.11, where the useHeadSafe() composable can be bypassed to inject arbitrary HTML attributes (including event handlers) into SSR-rendered tags via acceptDataAttrs. The vulnerability arises from allowing any key starting with data- (and even spaces...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/12 2:49 p.m.4 views

EUVD-2026-11373

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...

5.4CVSS5.8AI score0.00253EPSS
Exploits1References2
OSV
OSV
added 2026/03/12 2:23 p.m.1 views

GHSA-PF93-J98V-25PV ha-mcp has XSS via Unescaped HTML in OAuth Consent Form

Summary The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...

6.8CVSS5.9AI score0.00181EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/12 2:19 p.m.3 views

Cross-site Scripting (XSS)

Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTML tags. An...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 2:19 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTM...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2026/03/12 2:19 p.m.3 views

GHSA-G5XX-PWRP-G3FV Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...

5.3CVSS6AI score0.00258EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/03/12 2:19 p.m.17 views

Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References5Affected Software1
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the useHeadSafe function, which could be bypassed, allowing arbitrary HTML attributes to be injected in...

6.1CVSS5.8AI score0.00258EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.3 views

PT-2026-25020

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

5.3CVSS5.9AI score0.00258EPSS
Exploits1References2
NVD
NVD
added 2026/03/11 9:16 p.m.3 views

CVE-2026-32106

StudioCMS is a server-side-rendered, Astro native, headless content management system. Prior to 0.4.3, the REST API createUser endpoint uses string-based rank checks that only block creating owner accounts, while the Dashboard API uses indexOf-based rank comparison that prevents creating users at...

7.2CVSS0.003EPSS
Exploits1References1
OSV
OSV
added 2026/03/11 8:50 p.m.5 views

CVE-2026-32124 OpenEMR: Dynamic Code Picker Renders Unescaped Descriptions (Stored XSS)

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, the dynamic code picker AJAX endpoint returns code descriptions codetext that are rendered in the front end e.g. DataTables without HTML escaping. If an administrator or user...

5.4CVSS5.9AI score0.00162EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/11 8:47 p.m.1 views

CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/11 8:47 p.m.27 views

CVE-2026-32121 OpenEMR: Stored DOM XSS via `.html()` in Portal Signer Modal

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS0.00191EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/11 6:30 p.m.4 views

EUVD-2026-11176

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.7AI score0.00243EPSS
Exploits0References4
Rows per page
Query Builder