
6686 matches found

NVD
added 2026/01/27 8:16 p.m., 5 views

CVE-2026-24771

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, a Cross-Site Scripting XSS vulnerability exists in the ErrorBoundary component of the hono/jsx library. Under certain usage patterns, untrusted user-controlled strings may be rendered as...

CVSS 4.7 | EPSS 0.00298 | Exploits 0 | References 2
Positive Technologies
added 2026/01/27 12:0 a.m., 6 views

PT-2026-5014

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.11.7 Description A Cross-Site Scripting XSS issue exists in the ErrorBoundary component of the hono/jsx library. Untrusted data from users may be rendered as raw HTML, potentially allowing execution of arbitrary script...

CVSS 4.7 | AI score 6 | EPSS 0.00298 | Exploits 0 | References 10
Tenable Nessus
added 2026/01/27 12:0 a.m., 8 views

Oracle Linux 9 : kernel (ELSA-2026-1143)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1143 advisory. - Bluetooth: hcisock: Prevent race in socket write iter and sock bind CKI Backport Bot RHEL-139462 CVE-2025-68305 - dm: fix dmblkreportzones CKI Backpo...

CVSS 7.8 | AI score 7.1 | EPSS 0.00195 | Exploits 0 | References 9
Github Security Blog
added 2026/01/26 11:36 p.m., 10 views

MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field

Summary A Stored Cross-site Scripting XSS vulnerability in MobSF's Android manifest analysis allows an attacker to execute arbitrary JavaScript in the context of a victim's browser session by uploading a malicious APK. The android:host attribute from elements is rendered in HTML reports without...

CVSS 8.1 | AI score 6.1 | EPSS 0.0031 | Exploits 1 | References 5 | Affected Software 1
EUVD
added 2026/01/26 12:0 a.m., 4 views

EUVD-2025-206349

Worklenz version 2.1.5 contains a Stored Cross-Site Scripting XSS vulnerability in the Project Updates feature. An attacker can submit a malicious payload in the Updates text field which is then rendered in the reporting view without proper sanitization. Malicious JavaScript may be executed in a...

CVSS 5.4 | AI score 5.9 | EPSS 0.00224 | Exploits 2 | References 2
Positive Technologies
added 2026/01/26 12:0 a.m., 6 views

PT-2026-4843

Name of the Vulnerable Software and Affected Versions MobSF versions prior to 4.4.5 Description MobSF, a mobile application security testing tool, contains a Stored Cross-site Scripting XSS vulnerability in its Android manifest analysis feature. This flaw allows an attacker to execute arbitrary...

CVSS 8.1 | AI score 5.9 | EPSS 0.0031 | Exploits 1 | References 14
AlmaLinux
added 2026/01/26 12:0 a.m., 6 views

Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Linux kernel: Use-after-free in device mapper due to race condition in zone reporting CVE-2025-38141 kernel: Linux kernel use-after-free in eventpoll CVE-2025-38349 kernel: drm/xe: Fix...

CVSS 7.8 | AI score 7 | EPSS 0.00195 | Exploits 0 | References 18
Redos
added 2026/01/26 12:0 a.m., 4 views

ROS-20260126-73-0050

A vulnerability in the drm/amd/pm component of the Linux kernel is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information and cause denial of service...

CVSS 5.5 | AI score 7.2 | EPSS 0.00171 | Exploits 0
Redos
added 2026/01/26 12:0 a.m., 4 views

ROS-20260126-73-0046

A vulnerability in the drm/amd/pm component of the Linux operating system kernel is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.2 | EPSS 0.00176 | Exploits 0
OSV
added 2026/01/24 9:6 a.m., 8 views

RLSA-2026:0793 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Make dma-fences compliant with the safe access rules CVE-2025-38703 kernel: smb: client: let recvdone verify dataoffset, datalength and remainingdatalength CVE-2025-39933 kernel:...

CVSS 7.8 | AI score 5.5 | EPSS 0.00335 | Exploits 0 | References 6
Rockylinux
added 2026/01/24 9:2 a.m., 9 views

kernel security update

An update is available for kernel. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating...

CVSS 7.8 | AI score 7.6 | EPSS 0.00183 | Exploits 0
RedhatCVE
added 2026/01/24 3:17 a.m., 10 views

CVE-2025-70458

A DOM-based Cross-Site Scripting XSS vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the...

CVSS 5.4 | AI score 5.5 | EPSS 0.00195 | Exploits 1 | References 1
RedhatCVE
added 2026/01/22 11:24 p.m., 6 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 1
NVD
added 2026/01/21 11:15 p.m., 5 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | EPSS 0.00243 | Exploits 1 | References 3
Cvelist
added 2026/01/21 10:51 p.m., 17 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | EPSS 0.00243 | Exploits 1 | References 3
CVE
added 2026/01/21 10:51 p.m., 10 views

CVE-2026-23630

CVE-2026-23630 affects Docmost: versions 0.3.0–0.23.2 are vulnerable to stored XSS in Mermaid diagram rendering. Attacker-controlled Mermaid diagrams rendered via mermaid.render() are injected into the DOM with dangerouslySetInnerHTML, and per-diagram %%{init}%% directives can override securityLe...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 3 | Affected Software 1
ATTACKERKB
added 2026/01/21 10:51 p.m., 3 views

CVE-2026-23630

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 4 | Affected Software 1
Vulnrichment
added 2026/01/21 10:51 p.m., 4 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.8 | EPSS 0.00243 | Exploits 1 | References 3
OSV
added 2026/01/21 10:51 p.m., 6 views

CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering

Docmost is open-source collaborative wiki and documentation software. In versions 0.3.0 through 0.23.2, Mermaid code block rendering is vulnerable to stored Cross-Site Scripting XSS. The frontend can render attacker-controlled Mermaid diagrams using mermaid.render, then inject the returned SVG/HT...

CVSS 6.3 | AI score 5.9 | EPSS 0.00243 | Exploits 1 | References 5
Snyk
added 2026/01/21 10:46 p.m., 4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of object names in the GetArtifactFile function. An attacker can execute arbitrary JavaScript in another user's browser by crafting malicious workflows that produce an HTML artifact enabling...

CVSS 9 | AI score 6 | EPSS 0.00337 | Exploits 1 | References 2