Lucene search
K

6685 matches found

OSV
OSV
added 2026/03/26 9:13 p.m.6 views

CVE-2026-33664 Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields

Kestra is an open-source, event-driven orchestration platform Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

7.3CVSS6.1AI score0.00255EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/26 8:50 p.m.5 views

EUVD-2026-16418

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.8AI score0.00202EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/26 8:50 p.m.0 views

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References2
OSV
OSV
added 2026/03/26 8:50 p.m.2 views

CVE-2026-33742 Invoice Ninja has Stored XSS via Markdown HTML Injection in Product Notes

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

5.4CVSS5.9AI score0.00202EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 8:25 p.m.3 views

CVE-2026-33738

Lychee is a free, open-source photo-management tool. Prior to version 7.5.3, the photo description field is stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped output in the RSS, Atom, and JSON feed templates. The /feed endpoint is publicly accessible without...

4.8CVSS5.9AI score0.00214EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/26 6:28 p.m.5 views

n8n Vulnerable to XSS via Binary Data Inline HTML Rendering

Impact An authenticated user with permission to create or modify workflows could craft a workflow that produces an HTML binary data object without a filename. The /rest/binary-data endpoint served such responses inline on the n8n origin without Content-Disposition or Content-Security-Policy...

9CVSS5.9AI score0.00249EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/03/26 3:16 p.m.5 views

CVE-2026-33397

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-0602

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...

4.3CVSS5.8AI score0.00243EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.2 views

CVE-2026-32754

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting XSS through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...

9.3CVSS5.9AI score0.00527EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32626

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS...

9.6CVSS5.9AI score0.00721EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.5 views

CVE-2026-32753

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. In versions 1.8.208 and below, bypasses of the attachment view logic and SVG sanitizer make it possible to upload and render an SVG that runs malicious JavaScript. An extension of .png with content type of...

8.5CVSS5.7AI score0.00207EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

8.8CVSS5.9AI score0.00782EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 1:46 p.m.26 views

CVE-2026-33397

The CVE concerns Angular SSR bottleneck/open-redirect in @angular/ssr. Affected series: 22.x before 22.0.0-next.2, 21.x before 21.2.3, and 20.x before 20.3.21, with a patch included in 22.0.0-next.2, 21.2.3, and 20.3.21. Root cause: incomplete fix for CVE-2026-27738 where a single backslash in X-...

6.9CVSS5.8AI score0.00255EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/26 1:46 p.m.3 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/26 12:0 a.m.12 views

Invoice Ninja 跨站脚本漏洞

Invoice Ninja is an open-source application developed by Invoice Ninja, featuring functions for invoices, quotes, projects, and time tracking. Version 5.13.0 of Invoice Ninja contains a cross-site scripting vulnerability. This vulnerability stems from the product notes field allowing raw HTML to ...

5.4CVSS5.6AI score0.00202EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.3 views

PT-2026-28519

Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.5.3 Description Lychee is a free, open-source photo-management tool. Before version 7.5.3, the photo description field was stored without HTML sanitization and rendered using !! $item-summary !! Blade unescaped outpu...

4.8CVSS6AI score0.00214EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/03/26 12:0 a.m.2 views

PT-2026-28508

Name of the Vulnerable Software and Affected Versions Kestra versions up to and including 1.3.3 Description Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields – description, inputs.displayName,...

7.3CVSS5.9AI score0.00255EPSS
Exploits1References3
CNVD
CNVD
added 2026/03/26 12:0 a.m.4 views

Discourse cross-site scripting vulnerability (CNVD-2026-17264)

Discourse is Discourse open source set of open source community discussion platform. The platform includes features such as community , e-mail and chat rooms . Discourse suffers from a cross-site scripting vulnerability that stems from the onebox method in the SharedAiConversation model rendering...

6.1CVSS5.9AI score0.00347EPSS
Exploits0
Rows per page
Query Builder