Lucene search
K

1285 matches found

Nuclei
Nuclei
added 8 hours ago24 views

osTicket - Arbitrary File Read

Enhancesoft osTicket versions 1.18.x prior to 1.18.3 and 1.17.x prior to 1.17.7 contain an arbitrary file read vulnerability in the ticket PDF export functionality. A remote attacker can submit a ticket containing crafted rich-text HTML that includes PHP filter expressions which are insufficientl...

8.7CVSS6.3AI score0.73125EPSS
Exploits3References3
NVD
NVD
added 2026/07/01 9:17 p.m.5 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.6 views

CVE-2026-55660

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/01 8:44 p.m.36 views

CVE-2026-55661 TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS0.00239EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:44 p.m.6 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2026/07/01 8:44 p.m.24 views

CVE-2026-55661

CVE-2026-55661 affects TinaCMS rich-text rendering (Slate JSON) where the url field on Slate link/image nodes was not sanitized, allowing stored XSS via dangerous URL schemes such as javascript: or data:text/html. Affected versions include tinacms/mdx <2.1.7 and tinacms =2.1.7 and tinacms >...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 8:17 p.m.7 views

CVE-2026-44696

OpenProject is open-source, web-based project management software. Prior to 17.4.0, OpenProject's rich text markdown rendering pipeline uses Sanitize::Config::RELAXED:css for inline style sanitization. This configuration permits essentially all CSS properties in style attributes on permitted HTML...

5.7CVSS0.00211EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 p.m.10 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS0.00168EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:47 p.m.6 views

CVE-2026-55409

Filament is a collection of full-stack components for accelerated Laravel development. From 3.0.0 until 3.3.53, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attack...

7.6CVSS5.8AI score0.00168EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2026/06/19 9:15 p.m.7 views

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

NPM: TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover vulnerability discovered by ? in WordPress Npm tinacms versions 3.9.3...

7.6CVSS5.8AI score0.00196EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/19 3:16 p.m.16 views

CVE-2026-21768

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/19 2:50 p.m.35 views

CVE-2026-21768 HCL Verse for Android is susceptible to an injection vulnerability

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/19 2:50 p.m.10 views

EUVD-2026-38035

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:50 p.m.4 views

CVE-2026-21768

The compose-rich-editor library v1.0.0-rc14 used in HCL Verse for Android's rich text email composition fails to properly validate all HTML input thereby allowing malicious content to be executed in certain situations...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/19 2:50 p.m.21 views

CVE-2026-21768

CVE-2026-21768 affects the compose-rich-editor library (v1.0.0-rc14) used in HCL Verse for Android. The vulnerability arises from improper validation of HTML input in the rich text editor, enabling execution of malicious content in certain scenarios. According to NVD, CVSSv3.1 base score is 6.3 (...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.18 views

PT-2026-50924

Name of the Vulnerable Software and Affected Versions compose-rich-editor version 1.0.0-rc14 Description The compose-rich-editor library, used in HCL Verse for Android for rich text email composition, fails to properly validate HTML input. This lack of validation allows malicious content to be...

6.3CVSS5.8AI score0.00112EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/18 1:7 p.m.7 views

TinaCMS rich-text (slatejson) rendering does not sanitize link/image URLs, allowing stored XSS via dangerous URL schemes

TinaCMS rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant, whitespace-padded, and control-character-obfuscated forms — is rendered into href/src and execut...

4.8CVSS5.2AI score0.00239EPSS
Exploits0References3Affected Software2
GithubExploit
GithubExploit
added 2026/06/14 9:6 p.m.108 views

Exploit for CVE-2022-30190

Explotación de Follina CVE-2022-30190 Follina CVE-2022-3...

9.3CVSS8AI score0.99374EPSS
Exploits62
NVD
NVD
added 2026/06/12 9:16 p.m.16 views

CVE-2026-45012

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS0.00197EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:44 p.m.8 views

CVE-2026-45012 Apostrophe has authenticated SSRF in rich-text widget import via @apostrophecms/area/validate-widget

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery SSRF in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause the server to fetch...

7.6CVSS5.2AI score0.00197EPSS
Exploits0References1
Rows per page
Query Builder