6650 matches found
CVE-2026-31864
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
EUVD-2026-12085
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
CVE-2026-31864
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
CVE-2026-31864 JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
CVE-2026-31864
JumpServer is affected by a Server-Side Template Injection (SSTI) in the Applet and VirtualApp upload flow. The manifest.yml is rendered with Jinja2 without sandboxing when processing user-uploaded ZIP packages, allowing template injection. Exploitation requires administrative privileges (Applica...
CVE-2026-31864 JumpServer has a Server-Side Template Injection Leading to RCE via YAML Rendering
JumpServer is an open source bastion host and an operation and maintenance security audit system. a Server-Side Template Injection SSTI vulnerability exists in JumpServer's Applet and VirtualApp upload functionality. This vulnerability can only be exploited by users with administrative privileges...
BIT-GITLAB-2026-0602 Authentication Bypass Using an Alternate Path or Channel in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering...
PT-2026-25378
Another example of the nodeIntegration: true / contextIsolation: false combination leading to a critical security vulnerability in a production Electron application. AnythingLLM Desktop is a popular local LLM + RAG tool. Their streaming chat renderer does not sanitise LLM output before DOM...
CVE-2026-32308
OneUptime prior to version 10.0.23 is affected by a Stored XSS in the Markdown viewer’s Mermaid diagram rendering. The renderer uses securityLevel: "loose" and injects Mermaid SVG output via innerHTML, allowing interactive bindings and enabling XSS via Mermaid’s click directive to execute arbitra...
CVE-2026-31860
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-31860 Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...
CVE-2026-31860
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...
CVE-2026-31860
CVE-2026-31860 affects Unhead prior to version 2.1.11, where the useHeadSafe() composable can be bypassed to inject arbitrary HTML attributes (including event handlers) into SSR-rendered tags via acceptDataAttrs. The vulnerability arises from allowing any key starting with data- (and even spaces...
EUVD-2026-11373
StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...
GHSA-PF93-J98V-25PV ha-mcp has XSS via Unescaped HTML in OAuth Consent Form
Summary The ha-mcp OAuth consent form renders user-controlled parameters via Python f-strings with no HTML escaping. An attacker who can reach the OAuth endpoint and convince the server operator to follow a crafted authorization URL could execute JavaScript in the operator's browser. This affects...
Cross-site Scripting (XSS)
Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTML tags. An...
Cross-site Scripting (XSS)
Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTM...
GHSA-G5XX-PWRP-G3FV Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...
Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check
Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...
PT-2026-25020
Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...