6686 matches found
CVE-2026-25054 n8n is Vulnerable to Stored Cross-Site Scripting via Markdown Rendering in Workflow UI
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
EUVD-2026-5417
n8n is an open source workflow automation platform. Prior to versions 1.123.9 and 2.2.1, a Cross-Site Scripting XSS vulnerability existed in a markdown rendering component used in n8n's interface, including workflow sticky notes and other areas that support markdown content. An authenticated user...
CVE-2026-20119
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
CVE-2026-20119 Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to insufficient validation...
PT-2026-6263
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.9 n8n versions prior to 2.2.1 Description n8n is a workflow automation platform. A Cross-Site Scripting XSS issue existed in a markdown rendering component within the n8n interface, affecting areas that support...
Cisco RoomOS Software和Cisco TelePresence Collaboration Endpoint Software 安全漏洞
Cisco RoomOS Software and Cisco TelePresence Collaboration Endpoint Software are both products of the American company Cisco. Cisco RoomOS Software is a set of automated management software for Cisco devices. This software is primarily used for upgrading and managing the motherboard firmware of...
PT-2026-6082
Name of the Vulnerable Software and Affected Versions Cisco TelePresence Collaboration Endpoint Software affected versions not specified Cisco RoomOS Software affected versions not specified Description A flaw exists in the text rendering subsystem that could allow a remote attacker to cause a...
n8n 安全漏洞
n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.9 and 2.2.1 contained security vulnerabilities. These vulnerabilities were due to improper handling of the Markdown rendering component, which could lead to cross-site scripting attacks,...
CVE-2026-25148
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
Cross-site Scripting (XSS)
Overview @builder.io/qwik is an An Open-Source sub-framework designed with a focus on server-side-rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the unsafe virtual node serialization. An attacker can execute arbitra...
CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
EUVD-2026-5166
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
CVE-2026-25148
Summary (CVE-2026-25148) Qwik SSR vulnerability: prior to version 1.19.0, the server-side rendering path serializes virtual attributes in a way that can be exploited via XSS. An attacker could inject arbitrary scripts into server-rendered pages through unescaped virtual attributes, enabling scrip...
CVE-2026-25148
Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...
GHSA-M6JQ-G7GQ-5W3C Qwik SSR XSS via Unsafe Virtual Node Serialization
Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...
Qwik SSR XSS via Unsafe Virtual Node Serialization
Summary Description A Cross-site Scripting CWE-79 vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...