Lucene search
K

6681 matches found

Github Security Blog
Github Security Blog
added 2026/02/25 4:4 p.m.5 views

repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard

Impact The RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo prop during the loading state without any sanitization. If a developer using this package passe...

6.1CVSS5.8AI score0.00196EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/02/25 4:4 p.m.3 views

GHSA-FM8C-6M29-RP6J repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard

Impact The RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo prop during the loading state without any sanitization. If a developer using this package passe...

6.1CVSS5.9AI score0.00196EPSS
Exploits1References4
OSV
OSV
added 2026/02/25 4:16 a.m.2 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/25 4:6 a.m.5 views

CVE-2026-25545

Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...

8.6CVSS5.5AI score0.01414EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/25 3:52 a.m.8 views

EUVD-2026-8615

tfplan2md is software for converting Terraform plan JSON files into human-readable Markdown reports. Prior to version 1.26.1, a bug in tfplan2md affected several distinct rendering paths: AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and...

8.5CVSS5.4AI score0.00296EPSS
Exploits0References2
CVE
CVE
added 2026/02/25 3:52 a.m.14 views

CVE-2026-27640

CVE-2026-27640 affects tfplan2md prior to version 1.26.1. A bug in rendering paths for AzApi resource body properties, AzureDevOps variable groups, Scriban template context variables, and hierarchical sensitivity detection caused sensitive values to render as non-masked strings instead of “(sensi...

8.5CVSS5.4AI score0.00296EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/25 3:8 a.m.5 views

CVE-2026-27744

The SPIP tickets plugin versions prior to 4.3.3 contain an unauthenticated remote code execution vulnerability in the forum preview handling for public ticket pages. The plugin appends untrusted request parameters into HTML that is later rendered by a template using unfiltered environment renderi...

9.8CVSS6.4AI score0.00908EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/25 2:38 a.m.2 views

CVE-2026-27612 Repostat Vulnerable to Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

6.1CVSS5.8AI score0.00196EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/02/25 2:38 a.m.5 views

CVE-2026-27612

Repostat is a React component to fetch and display GitHub repository info. Prior to version 1.0.1, the RepoCard component is vulnerable to Reflected Cross-Site Scripting XSS. The vulnerability occurs because the component uses React's dangerouslySetInnerHTML to render the repository name repo pro...

6.1CVSS5.8AI score0.00196EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/02/25 2:38 a.m.26 views

CVE-2026-27612

CVE-2026-27612 concerns the Repostat React component before version 1.0.1, where the repo prop is rendered with dangerouslySetInnerHTML during loading, allowing reflected XSS if unvalidated input is provided. The issue is fixed in 1.0.1 by switching to safe JSX data binding. The CVSSv3.1 base sco...

6.1CVSS5.8AI score0.00196EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/25 2:31 a.m.3 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.7AI score0.00286EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/25 2:31 a.m.24 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS0.00286EPSS
Exploits1References3
OSV
OSV
added 2026/02/25 2:31 a.m.6 views

CVE-2026-27614 Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.13, an unauthenticated attacker who can submit events to a Bugsink project can store arbitrary JavaScript in an event. The payload executes only if a user explicitly views the affected Stacktrace in the web UI. When Pygments...

9.3CVSS5.9AI score0.00286EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/02/25 2:10 a.m.3 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drmschedjobadddependency consumes a fence reference and then later erroneously attempts to free it again double free. This may lead to memory corruption and, in some configurations...

5.7AI score0.00183EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

tfplan2md 安全漏洞

tfplan2md is a Markdown document generation tool developed by Mathias Raacke. Versions of tfplan2md prior to 1.26.1 contained security vulnerabilities; these vulnerabilities stemmed from defects in multiple rendering paths, which could lead to the exposure of sensitive values...

8.5CVSS5.8AI score0.00296EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.8 views

PT-2026-21856

Name of the Vulnerable Software and Affected Versions tfplan2md versions prior to 1.26.1 Description tfplan2md is software used to convert Terraform plan JSON files into Markdown reports. Versions of the software prior to 1.26.1 had a flaw where sensitive values that should have been masked as...

8.5CVSS5.9AI score0.00296EPSS
Exploits0References11
Packet Storm News
Packet Storm News
added 2026/02/25 12:0 a.m.4 views

The Silent Spill: Measuring Sensitive Data Leaks across Public URL Repositories

A large number of URLs are made public by various platforms for security analysis, archiving, and paste sharing -- such as VirusTotal, URLScan.io, Hybrid Analysis, the Wayback Machine, and RedHunt. These services may unintentionally expose links containing sensitive information, as reported in so...

5.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-21859

Name of the Vulnerable Software and Affected Versions SPIP tickets plugin versions prior to 4.3.3 Description The SPIP tickets plugin is affected by a remote code execution issue. An unauthenticated attacker can execute code on the web server through crafted content injection. The plugin appends...

9.8CVSS6.6AI score0.00908EPSS
Exploits0References12
Spring Security Advisories
Spring Security Advisories
added 2026/02/25 12:0 a.m.8 views

Optimizations in Spring MVC

Spring Fruits Benchmark Abstract Benchmarks are tricky to do well, and the results are often hard to interpret. This analysis attempts to go beyond a simple headline number to explore how performance varies with data set size. The results show that while results might be disappointing for a given...

5.7AI score
Exploits0
Packet Storm
Packet Storm
added 2026/02/25 12:0 a.m.107 views

📄 Moodle TeX Formula Rendering Denial of Service

A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...

5.8AI score
Exploits0
Rows per page
Query Builder