Lucene search
K

6682 matches found

OSV
OSV
added 2026/02/27 10:8 p.m.5 views

CVE-2026-28422 Vim has stack-buffer-overflow in build_stl_str_hl()

Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in buildstlstrhl when rendering a statusline with a multi-byte fill character on a very wide terminal. Version 9.2.0078 patches the issue...

2.2CVSS5.9AI score0.00142EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/26 10:35 p.m.4 views

CVE-2026-27738

The Angular SSR is a server-rise rendering tool for Angular applications. An Open Redirect vulnerability exists in the internal URL processing logic in versions on the 19.x branch prior to 19.2.21, the 20.x branch prior to 20.3.17, and the 21.x branch prior to 21.1.5 and 21.2.0-rc.1. The logic...

6.9CVSS5.6AI score0.00302EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.7 views

CVE-2026-27739

The Angular SSR is a server-rise rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery SSRF vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

9.2CVSS5.8AI score0.00497EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/02/26 10:25 p.m.6 views

Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...

5.4CVSS5.4AI score0.00226EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/26 10:25 p.m.3 views

GHSA-QGVG-PR8V-6RR3 Svelte: XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError...

5.3CVSS5.4AI score0.00226EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/26 10:24 p.m.6 views

Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...

6.1CVSS5.4AI score0.00214EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/02/26 10:24 p.m.2 views

GHSA-PHWV-C562-GVMH Svelte vulnerable to XSS during SSR with contenteditable `bind:innerText` and `bind:textContent`

The contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-site Scripting XSS if rendering untrusted data as the binding's initial value on the server...

5.3CVSS5.5AI score0.00214EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/26 8:20 p.m.6 views

CVE-2026-27902

A cross-site scripting XSS vulnerability was found in Svelte’s server-side rendering SSR error handling. Error messages returned from the transformError function were not properly escaped before being embedded into HTML output within hydration markers. If an application returns attacker-controlle...

5.4CVSS5.5AI score0.00226EPSS
Exploits0References6
Snyk
Snyk
added 2026/02/26 6:18 a.m.4 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview agenta is a The SDK for agenta is an open-source LLMOps platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine in the API server evaluator template rendering. An attacker can execute arbitrary code on the server...

8.8CVSS6.3AI score0.00318EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.3 views

CVE-2026-27640

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

8.5CVSS5.4AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.4 views

CVE-2026-27612

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

6.1CVSS5.8AI score0.00196EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/26 4:15 a.m.5 views

CVE-2026-27745

The SPIP interfacetraductionobjets plugin versions prior to 2.2.2 contain an authenticated remote code execution vulnerability in the translation interface workflow. The plugin incorporates untrusted request data into a hidden form field that is rendered without SPIP output filtering. Because...

8.8CVSS6.4AI score0.00761EPSS
Exploits0References1
Snyk
Snyk
added 2026/02/26 3:13 a.m.5 views

Server-side Request Forgery (SSRF)

Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the inferSize option that fetches remote images at render time to determine their dimensions. An...

7.2CVSS6AI score0.00281EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.2 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary scripts in the...

8CVSS6AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:13 a.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:innerText and bind:textContent bindings on contenteditable elements during server-side rendering. An attacker can execute arbitrary...

8CVSS5.9AI score0.00214EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/26 3:11 a.m.2 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the transformError function. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content that is not...

8CVSS6AI score0.00226EPSS
Exploits0References2
NVD
NVD
added 2026/02/26 2:16 a.m.6 views

CVE-2026-27961

Agenta is an open-source LLMOps platform. A Server-Side Template Injection SSTI vulnerability exists in versions prior to 0.86.8 in Agenta's API server evaluator template rendering. Although the vulnerable code lives in the SDK package, it is executed server-side within the API process when runni...

8.8CVSS0.00318EPSS
Exploits0References1
NVD
NVD
added 2026/02/26 2:16 a.m.5 views

CVE-2026-27901

Svelte performance oriented web framework. Prior to version 5.53.5, the contents of bind:innerText and bind:textContent on contenteditable elements were not properly escaped. This could enable HTML injection and Cross-Site Scripting XSS if rendering untrusted data as the binding's initial value o...

6.1CVSS0.00214EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/26 1:24 a.m.20 views

CVE-2026-2506 EM Cost Calculator <= 2.3.1 - Unauthenticated Stored Cross-Site Scripting via 'customer_name'

The EM Cost Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to the plugin storing attacker-controlled 'customername' data and rendering it in the admin customer list without output escaping. This makes it possible f...

6.1CVSS0.00215EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/26 12:58 a.m.4 views

CVE-2026-27902 Svelte Vulnerable to XSS via HTML Comment Injection in SSR Error Boundary Hydration Markers

Svelte performance oriented web framework. Prior to version 5.53.5, errors from transformError were not correctly escaped prior to being embedded in the HTML output, causing potential HTML injection and XSS if attacker-controlled content is returned from transformError. Version 5.53.5 fixes the...

5.3CVSS5.3AI score0.00226EPSS
Exploits0References3
Rows per page
Query Builder