Lucene search
K

6686 matches found

Cvelist
Cvelist
added 2026/02/04 4:47 p.m.30 views

CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

8.5CVSS0.00187EPSS
Exploits0References1
EUVD
EUVD
added 2026/02/04 4:47 p.m.5 views

EUVD-2026-5417

n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...

8.5CVSS5.4AI score0.00187EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/04 4:12 p.m.3 views

CVE-2026-20119

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/04 4:12 p.m.26 views

CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

7.5CVSS0.0037EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/04 4:12 p.m.7 views

CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References1
Cisco
Cisco
added 2026/02/04 4:0 p.m.10 views

Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability

A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...

7.5CVSS5.5AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.5 views

PT-2026-6263

Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.9 n8n versions prior to 2.2.1 Description n8n is a workflow automation platform. A Cross-Site Scripting XSS issue existed in a markdown rendering component within the n8n interface, affecting areas that support...

8.5CVSS5.5AI score0.00187EPSS
Exploits0References9
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.10 views

Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software 安全漏洞

Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the American company Cisco. Cisco RoomOS Software is a set of automated management software for Cisco devices. This software is primarily used for upgrading and managing the motherboard firmware of...

7.5CVSS6AI score0.0037EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/04 12:0 a.m.8 views

PT-2026-6082

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint Software affected versions not specified Cisco RoomOS Software affected versions not specified Description A flaw exists in the text rendering subsystem that could allow a remote attacker to cause a...

7.5CVSS5.7AI score0.0037EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/04 12:0 a.m.7 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.9 and 2.2.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of the Markdown rendering component, which could lead to cross-site scripting attacks,...

8.5CVSS5.9AI score0.00187EPSS
Exploits0References2
NVD
NVD
added 2026/02/03 10:16 p.m.4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

6.1CVSS0.00307EPSS
Exploits0References2
Snyk
Snyk
added 2026/02/03 10:4 p.m.4 views

Cross-site Scripting (XSS)

Overview @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsafe virtual node serialization. An attacker can execute arbitra...

6.1CVSS5.5AI score0.00307EPSS
Exploits0References2
OSV
OSV
added 2026/02/03 9:12 p.m.4 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/03 9:12 p.m.6 views

EUVD-2026-5166

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/03 9:12 p.m.28 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS0.00307EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/03 9:12 p.m.3 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References2
CVE
CVE
added 2026/02/03 9:12 p.m.14 views

CVE-2026-25148

Summary (CVE-2026-25148) Qwik SSR vulnerability: prior to version 1.19.0, the server-side rendering path serializes virtual attributes in a way that can be exploited via XSS. An attacker could inject arbitrary scripts into server-rendered pages through unescaped virtual attributes, enabling scrip...

6.1CVSS5.8AI score0.00307EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/03 9:12 p.m.4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

5.3CVSS5.8AI score0.00307EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/02/03 8:47 p.m.5 views

GHSA-M6JQ-G7GQ-5W3C Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

5.3CVSS6AI score0.00307EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/02/03 8:47 p.m.8 views

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

6.1CVSS6AI score0.00307EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder