Lucene search
K

6686 matches found

CVE
CVE
added 2026/02/11 12:0 a.m.16 views

CVE-2025-70296

CVE-2025-70296 is a stored HTML injection in Mealie 3.3.1’s Recipe Notes rendering component. Remote authenticated users can inject arbitrary HTML, causing user interface redressing in the recipe view. Descriptions across multiple sources confirm the vulnerability and affected version; one connec...

5.4CVSS5.8AI score0.0023EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/11 12:0 a.m.6 views

SUSE SLES15: java-11-openjdk / java-11-openjdk-demo / java-11-openjdk-devel / etc (SUSE-SU-2026:0414-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0414-1 advisory. Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE compone...

7.5CVSS6.5AI score0.00864EPSS
Exploits1References14
ATTACKERKB
ATTACKERKB
added 2026/02/10 5:51 p.m.6 views

CVE-2026-21513

Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network...

8.8CVSS5.5AI score0.15384EPSS
In wildExploits0References2Affected Software21
CVE
CVE
added 2026/02/10 5:51 p.m.52 views

CVE-2026-21513

CVE-2026-21513 is a security feature bypass vulnerability in the MSHTML Framework. Affected component: MSHTML/MSHTML Framework used by Windows’ browsing/rendering stack. Root cause details are described in vendor advisories and security blogs as a protection mechanism bypass that can be triggered...

8.8CVSS5.5AI score0.15384EPSS
In wildExploits0References4Affected Software13
SUSE Linux
SUSE Linux
added 2026/02/10 8:35 a.m.7 views

Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

7.5CVSS5.9AI score0.00864EPSS
Exploits1References22
OSV
OSV
added 2026/02/10 8:35 a.m.3 views

SUSE-SU-2026:0415-1 Security update for java-17-openjdk

This update for java-17-openjdk fixes the following issues: Upgrade to upstream tag jdk-17.0.18+8 January 2026 CPU Security fixes: - CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. - CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. - CVE-2026-21933: Fixed...

7.5CVSS5.8AI score0.00864EPSS
Exploits1References10
SUSE Linux
SUSE Linux
added 2026/02/10 8:33 a.m.10 views

Security update for java-11-openjdk

This update for java-11-openjdk fixes the following issues: Upgrade to upstream tag jdk-11.0.30+7 January 2026 CPU Security fixes: CVE-2026-21925: Fixed Oracle Java SE component RMI bsc1257034. CVE-2026-21932: Fixed Oracle Java SE component AWT and JavaFX bsc1257036. CVE-2026-21933: Fixed Oracle...

7.5CVSS5.9AI score0.00864EPSS
Exploits1References20
Tenable Nessus
Tenable Nessus
added 2026/02/10 12:0 a.m.2 views

KB5075999: Windows 10 Version 1607 / Windows Server 2016 Security Update (February 2026)

The remote Windows host is missing security update 5075999. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-21513 - Access of resource using incompatible...

8.8CVSS7.1AI score0.25835EPSS
Exploits9References22
OSV
OSV
added 2026/02/09 8:35 p.m.3 views

GHSA-9F5H-MMQ6-2X78 Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields

Summary A stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles. Proof of Concept Required Permissions -...

4.8CVSS5.7AI score0.0036EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2026/02/09 8:35 p.m.8 views

Craft CMS Vulnerable to Stored XSS in Number Prefix & Suffix Fields

Summary A stored XSS vulnerability exists in the Number field type settings. The Prefix and Suffix fields are rendered using the |md|raw Twig filter without proper escaping, allowing script execution when the Number field is displayed on users' profiles. Proof of Concept Required Permissions -...

4.8CVSS5.7AI score0.0036EPSS
Exploits1References6Affected Software1
CNNVD
CNNVD
added 2026/02/09 12:0 a.m.7 views

Craft CMS 跨站脚本漏洞

Craft CMS is an open-source content management system developed by Craft. Versions of Craft CMS from 4.0.0-RC1 to 4.16.17, as well as from 5.0.0-RC1 to 5.8.21, have a cross-site scripting vulnerability. This vulnerability stems from improper escaping of prefix and suffix fields during rendering,...

4.8CVSS5.7AI score0.0036EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/07 7:31 p.m.6 views

CVE-2026-25647

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

5.4CVSS5.4AI score0.00204EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/07 7:30 p.m.6 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

7.7CVSS5.7AI score0.00189EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/02/07 12:24 a.m.4 views

SUSE CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

8.8CVSS5.4AI score0.00522EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/06 9:12 p.m.36 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

6.1CVSS0.00241EPSS
Exploits1References2
CVE
CVE
added 2026/02/06 9:12 p.m.24 views

CVE-2026-25516

CVE-2026-25516 affects NiceGUI’s ui.markdown() in multiple sources (NVD, Red Hat, OSV, etc.). The vulnerability arises because markdown2’s default behavior allows raw HTML to pass through, enabling attacker-controlled content to inject HTML/JS event handlers when rendered via innerHTML. ui.markdo...

6.1CVSS5.4AI score0.00241EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/06 9:12 p.m.8 views

CVE-2026-25516 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

NiceGUI is a Python-based UI framework. The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled conten...

6.1CVSS5.5AI score0.00241EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/06 7:3 p.m.3 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

4.6CVSS5.5AI score0.00204EPSS
Exploits1References2
CVE
CVE
added 2026/02/06 7:3 p.m.13 views

CVE-2026-25647

Lute

5.4CVSS5.5AI score0.00204EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/02/06 7:3 p.m.5 views

CVE-2026-25647 Lute has a Stored Cross-Site Scripting (XSS) via Markdown hyperlink

Lute is a structured Markdown engine supporting Go and JavaScript. Lute 1.7.6 and earlier as used in SiYuan before has a Stored Cross-Site Scripting XSS vulnerability in the Markdown rendering engine. An attacker can inject malicious JavaScript into a Markdown text/note. When another user clicks...

4.6CVSS5.5AI score0.00204EPSS
Exploits1References4
Rows per page
Query Builder