
6685 matches found

CNNVD
added 2026/02/18 12:0 a.m., 6 views

MajorDoMo cross-site scripting vulnerability

MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. MajorDoMo has a cross-site scripting vulnerability. This vulnerability stems from the /objects/?method endpoint, which allows unvalidated execution of stored methods. The parameters controlled by...

CVSS 7.2, AI score 5.8, EPSS 0.00227
Exploits: 1, References: 3
Kaspersky
added 2026/02/18 12:0 a.m., 5 views

KLA90896 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in PDFium can be exploited to cause denial of service. 2...

CVSS 8.8, AI score 6.3, EPSS 0.00642
Exploits: 0, References: 3
Github Security Blog
added 2026/02/16 12:30 p.m., 5 views

pretix unsafely evaluates variables in emails

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: - It was possible to exfiltrate informati...

CVSS 9, AI score 5.5, EPSS 0.00243
Exploits: 0, References: 6, Affected Software: 1
EUVD
added 2026/02/16 12:30 p.m., 13 views

EUVD-2026-6097

Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained two security-relevant bugs: It was possible to exfiltrate information...

CVSS 9, AI score 5.5, EPSS 0.00243
Exploits: 0, References: 2
RedhatCVE
added 2026/02/14 1:27 a.m., 8 views

CVE-2026-26188

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

CVSS 5.4, AI score 5.7, EPSS 0.00253
Exploits: 1, References: 1
Snyk
added 2026/02/13 6:0 p.m., 4 views

Cross-site Scripting (XSS)

Overview: beautiful-mermaid is a package to render Mermaid diagrams as beautiful SVGs or ASCII art. Ultra-fast, fully themeable, zero DOM dependencies. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the interpolation of user-controlled values from style and classDef directiv...

CVSS 6.1, AI score 5.7, EPSS 0.00505
Exploits: 0, References: 2
SUSE CVE
added 2026/02/13 12:30 a.m., 2 views

SUSE CVE-2025-41117

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo ...

CVSS 6.8, AI score 5.5, EPSS 0.0026
Exploits: 0, References: 3
CNNVD
added 2026/02/13 12:0 a.m., 4 views

beautiful-mermaid cross-site scripting vulnerability

Beautiful-Mermaid is a visualization AI assistant tool developed by Craft Docs. Versions of Beautiful-Mermaid prior to 0.1.3 had a cross-site scripting vulnerability. This vulnerability stemmed from an SVG attribute injection issue, which could lead to cross-site scripting attacks when rendering...

CVSS 5.3, AI score 5.6, EPSS 0.00505
Exploits: 0, References: 4
Tenable Nessus
added 2026/02/13 12:0 a.m., 5 views

n8n Node.js Package < 1.123.9 / 2.x < 2.2.1 Stored XSS (CVE-2026-25054)

The version of the n8n Node.js Package installed on the remote host is prior to 1.123.9, or 2.x prior to 2.2.1. It is, therefore, affected by a stored cross-site scripting vulnerability: - A cross-site scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface,...

CVSS 8.5, AI score 5.8, EPSS 0.00187
Exploits: 0, References: 2
Github Security Blog
added 2026/02/12 3:31 a.m., 6 views

next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

CVSS 8.8, AI score 6.5, EPSS 0.00582
Exploits: 0, References: 5, Affected Software: 1
OSV
added 2026/02/12 3:31 a.m., 3 views

GHSA-G4XW-JXRG-5F6M next-mdx-remote affected by arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content...

CVSS 8.8, AI score 6.3, EPSS 0.00582
Exploits: 0, References: 5
Snyk
added 2026/02/12 2:51 a.m., 4 views

Arbitrary Code Injection

Overview: next-mdx-remote is a set of utilities for loading mdx from any remote source as data, rather than as a local import. Affected versions of this package are vulnerable to Arbitrary Code Injection via the serialize function. An attacker can execute arbitrary code by submitting specially crafted MD...

CVSS 8.8, AI score 6.3, EPSS 0.00582
Exploits: 0, References: 2
Cvelist
added 2026/02/12 1:35 a.m., 31 views

CVE-2026-0969 Arbitrary code execution in React server-side rendering of untrusted MDX content

The serialize function used to compile MDX in next-mdx-remote is vulnerable to arbitrary code execution due to insufficient sanitization of MDX content. This vulnerability, CVE-2026-0969, is fixed in next-mdx-remote 6.0.0...

CVSS 8.8, EPSS 0.00582
Exploits: 0, References: 1
CVE
added 2026/02/12 1:35 a.m., 106 views

CVE-2026-0969

The CVE-2026-0969 issue stems from the serialize function used to compile MDX in next-mdx-remote, with insufficient sanitization enabling arbitrary code execution in React server-side rendering of untrusted MDX content. The description provides a CVSSv3.1 base score of 8.8 (HIGH) and a network at...

CVSS 8.8, AI score 6.3, EPSS 0.00582
Exploits: 0, References: 1
CNNVD
added 2026/02/12 12:0 a.m., 5 views

HashiCorp next-mdx-remote security vulnerability

HashiCorp next-mdx-remote is a content rendering tool developed by the American company HashiCorp. Versions of HashiCorp next-mdx-remote prior to version 6.0.0 contained security vulnerabilities, which were due to insufficient MDX content cleanup and could lead to arbitrary code execution...

CVSS 8.8, AI score 6.3, EPSS 0.00582
Exploits: 0, References: 2
FreeBSD
added 2026/02/12 12:0 a.m., 7 views

Grafana -- XSS in Grafana Explore stack trace

https://grafana.com/security/security-advisories/cve-2025-41117 reports: Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasourc...

CVSS 6.8, AI score 5.8, EPSS 0.0026
Exploits: 0, References: 1
RedHat Linux
added 2026/02/11 9:28 p.m., 2 views

kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

A flaw was found in the kernel subsystem handling of the DRM scheduler. Under certain error conditions, the function drm_sched_job_add_dependency consumes a fence reference and then later erroneously attempts to free it again (double free). This may lead to memory corruption and, in some configurations...

AI score 5.7, EPSS 0.00183
Exploits: 0, References: 5
NVD
added 2026/02/11 7:15 p.m., 8 views

CVE-2025-70296

A stored HTML injection vulnerability in the Recipe Notes rendering component in Mealie 3.3.1 allows remote authenticated users to inject arbitrary HTML, resulting in user interface redressing within the recipe view...

CVSS 5.4, EPSS 0.0023
Exploits: 1, References: 3
CNNVD
added 2026/02/11 12:0 a.m., 9 views

Mealie security vulnerability

Mealie is a self-hosted recipe manager and meal planner developed by Hayden from the United States. Version 3.3.1 of Mealie contains a security vulnerability, which stems from a storage-type HTML injection in the Recipe Notes rendering component, potentially leading to user interface spoofing...

CVSS 5.4, AI score 5.8, EPSS 0.0023
Exploits: 1, References: 3
CVE
added 2026/02/11 12:0 a.m., 16 views

CVE-2025-70296

CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...

CVSS 5.4, AI score 5.8, EPSS 0.0023
Exploits: 1, References: 3, Affected Software: 1