Lucene search

6686 matches found

Snyk
added 2026/02/06 4:50 p.m. | 1 view

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the HTML template rendering process. An attacker can execute arbitrary JavaScript in the context of a victim's browser by sending a specially crafted OAuth2 connection link containing a malicious display nam...

CVSS 7.7 | AI score 5.6 | EPSS 0.00189
Exploits: 0 | References: 2

NVD
added 2026/02/06 4:16 p.m. | 7 views

CVE-2025-13523

Mattermost Confluence plugin version 1.7.0 fails to properly escape user-controlled display names in HTML template rendering which allows authenticated Confluence users with malicious display names to execute arbitrary JavaScript in victim browsers via sending a specially crafted OAuth2 connectio...

CVSS 7.7 | EPSS 0.00189
Exploits: 0 | References: 1

ATTACKERKB
added 2026/02/06 4:11 p.m. | 3 views

CVE-2026-25556

MuPDF versions 1.23.0 through 1.27.0 contain a double-free vulnerability in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function accepts a caller-owned fz_pixmap pointer but incorrectly drops the pixmap in its error handling path before rethrowing the...

CVSS 5.9 | AI score 5.5 | EPSS 0.00477
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2026/02/06 4:11 p.m. | 24 views

CVE-2026-25556

CVE-2026-25556 affects MuPDF versions 1.23.0–1.27.0 and describes a double-free in fz_fill_pixmap_from_display_list() when an exception occurs during display list rendering. The function drops a caller-owned fz_pixmap in its error path before rethrowing, and the bar‑code decoding path can drop th...

CVSS 7.5 | AI score 5.4 | EPSS 0.00477
Exploits: 1 | References: 4 | Affected Software: 1

CNNVD
added 2026/02/06 12:0 a.m. | 6 views

MuPDF Resource Management Error Vulnerability

MuPDF is an open-source software library written in C language. It is used to render pages as bitmaps, but also provides support for other operations such as searching and listing directories and links. Versions of MuPDF prior to 1.27.0 had a resource management vulnerability. This vulnerability...

CVSS 7.5 | AI score 6 | EPSS 0.00477
Exploits: 1 | References: 5

Positive Technologies
added 2026/02/06 12:0 a.m. | 4 views

PT-2026-6776

Name of the Vulnerable Software and Affected Versions: Lute versions prior to 1.7.7. Description: Lute, a structured Markdown engine supporting Go and JavaScript, contains a Stored Cross-Site Scripting (XSS) issue in its Markdown rendering engine. An attacker can inject malicious JavaScript into...

CVSS 4.6 | AI score 5.5 | EPSS 0.00204
Exploits: 1 | References: 6

Tenable Nessus
added 2026/02/06 12:0 a.m. | 6 views

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software DoS (cisco-sa-tce-roomos-dos-9V9jrC2q)

According to its self-reported version, Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service is affected by a vulnerability. - A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software cou...

CVSS 7.5 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/05 7:23 p.m. | 4 views

CVE-2026-25054

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.4 | EPSS 0.00187
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/05 7:23 p.m. | 8 views

CVE-2026-20119

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation...

CVSS 7.5 | AI score 5.5 | EPSS 0.0037
Exploits: 0 | References: 1

OSV
added 2026/02/05 5:41 p.m. | 4 views

GHSA-V82V-C5X8-W282 NiceGUI's XSS vulnerability in ui.markdown() allows arbitrary JavaScript execution through unsanitized HTML content

Description: The ui.markdown component uses the markdown2 library to convert markdown content to HTML, which is then rendered via innerHTML. By default, markdown2 allows raw HTML to pass through unchanged. This means that if an application renders user-controlled content through ui.markdown, an...

CVSS 6.1 | AI score 5.5 | EPSS 0.00241
Exploits: 1 | References: 4

RedhatCVE
added 2026/02/05 1:22 a.m. | 6 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 6.1 | AI score 5.8 | EPSS 0.00307
Exploits: 0 | References: 1

Snyk
added 2026/02/04 7:35 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: @n8n/design-system is a Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown rendering process in the workflow user interface. An attacker can execute arbitrary scripts in the context of another user's session by crafting malicious markdown conten...

CVSS 8.5 | AI score 5.5 | EPSS 0.00187
Exploits: 0 | References: 2

OSV
added 2026/02/04 7:35 p.m. | 2 views

GHSA-QPQ4-PW7F-PP8W n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

Impact: A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...

CVSS 8.5 | AI score 5.5 | EPSS 0.00187
Exploits: 0 | References: 3

Github Security Blog
added 2026/02/04 7:35 p.m. | 8 views

n8n Has Stored Cross-site Scripting via Markdown Rendering in Workflow UI

Impact: A Cross-site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user with permission to create or modify workflows could abuse this to execute scripts...

CVSS 8.5 | AI score 5.5 | EPSS 0.00187
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2026/02/04 5:16 p.m. | 4 views

CVE-2026-25054

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | EPSS 0.00187
Exploits: 0 | References: 1

NVD
added 2026/02/04 5:16 p.m. | 6 views

CVE-2026-20119

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation...

CVSS 7.5 | EPSS 0.0037
Exploits: 0 | References: 1

UbuntuCve
added 2026/02/04 5:16 p.m. | 3 views

CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

AI score 5.7 | EPSS 0.00155
Exploits: 0 | References: 4

OSV
added 2026/02/04 4:47 p.m. | 6 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.5 | EPSS 0.00187
Exploits: 0 | References: 3

Vulnrichment
added 2026/02/04 4:47 p.m. | 3 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting (XSS) vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

CVSS 8.5 | AI score 5.4 | EPSS 0.00187
Exploits: 0 | References: 1

CVE
added 2026/02/04 4:47 p.m. | 19 views

CVE-2026-25054

CVE-2026-25054 affects n8n, an open source workflow automation platform. The vulnerability is a stored Cross-site Scripting (XSS) in the markdown rendering component used in the UI (including workflow sticky notes and other markdown areas). An authenticated user with permission to create/modify w...

CVSS 8.5 | AI score 5.4 | EPSS 0.00187
Exploits: 0 | References: 1 | Affected Software: 1