Lucene search
K

319 matches found

RedHat Linux
RedHat Linux
added 4 days ago5 views

golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting XSS attacks in applications. Such attacks can result in information...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago7 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.6AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago7 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.6AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 4 days ago5 views

golang.org/x/net/html: golang: golang.org/x/net/html: Cross-Site Scripting via HTML parsing bypass

A flaw was found in golang.org/x/net/html. When arbitrary HTML is parsed and then rendered, it can result in an unexpected HTML tree. This allows an attacker to bypass HTML sanitization mechanisms, leading to Cross-Site Scripting XSS attacks in applications. Such attacks can result in information...

6.1CVSS6.2AI score0.00178EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added last week6 views

CVE-2026-50557

A flaw was found in Angular's @angular/compiler and @angular/core packages. Namespaced script elements were not properly identified by the template preparser, and security context schema mappings did not consistently handle attributes within namespaced elements. An attacker who can inject templat...

6.1CVSS5.7AI score0.00206EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/03 7:53 a.m.6 views

CVE-2026-4804

The Zakra theme for WordPress is vulnerable to Stored Cross-Site Scripting via post meta values in all versions up to, and including, 4.2.0. This is due to the theme registering three post meta fields zakramenuitemcolor, zakramenuitemhovercolor, and zakramenuitemactivecolor with 'showinrest' = tr...

6.4CVSS6.1AI score0.00187EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/07/02 9:31 p.m.7 views

CVE-2026-54265

A flaw was found in Angular's @angular/compiler package. When a native DOM property requiring sanitization is bound using two-way binding syntax, the template compiler fails to apply the appropriate sanitizer. An attacker who controls the bound value can bypass Angular's built-in sanitization,...

6.1CVSS5.5AI score0.00195EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 7:25 p.m.15 views

EUVD-2026-33256

Mautic has SQL Injection in API Contact Filtering...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References2
NVD
NVD
added 2026/07/01 9:17 p.m.7 views

CVE-2026-58263

Jodit Editor is a WYSIWYG editor with written in pure TypeScript file and image editing capabilities. In versions prior to 4.12.28, the built-in clean-html sanitizer can be bypassed by a MathML/ carrier that hides a dangerous element from the sanitizer's element walk, so a no-interaction event...

7.2CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/01 9:0 p.m.37 views

CVE-2026-55660 TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover

Tina is a headless content management system. In versions prior to @tinacms/app 2.5.6 and tinacms 3.9.3, cross-origin postMessage handlers and a rich-text URL-sanitization bypass enable stored XSS and session takeover. The library registers window message listeners — the useTina overlay handler,...

7.6CVSS0.00196EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/30 12:13 a.m.6 views

angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes

A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements as requiring strict sanitization. As a result, an attacker who can supply...

8.5CVSS7.1AI score0.00377EPSS
Exploits1References6
NVD
NVD
added 2026/06/22 4:16 p.m.11 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

6.1CVSS0.00195EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 4:16 p.m.8 views

DEBIAN-CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

6.1CVSS5.8AI score0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

6.1CVSS0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:27 p.m.34 views

CVE-2026-54265 Angular: Two-Way Property Binding Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS0.00195EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:27 p.m.3 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

5.3CVSS5.8AI score0.00195EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/22 3:27 p.m.82 views

CVE-2026-54265

The CVE-2026-54265 issue affects the Angular @angular/compiler, where two-way binding on sensitive native DOM properties (e.g., innerHTML, src, href, data, sandbox) can bypass the sanitizer resolution. Prior to versions 22.0.1, 21.2.17, and 20.3.25, the template compiler failed to apply the appro...

6.1CVSS5.8AI score0.00195EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/22 3:11 p.m.39 views

CVE-2026-50557 Angular: Template and Attribute Namespace Sanitization Bypass (XSS)

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS0.00206EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/22 3:11 p.m.7 views

EUVD-2026-38257

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/22 3:11 p.m.4 views

CVE-2026-50557

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.15, 20.3.22 and 19.2.22, an issue in the @angular/compiler and @angular/core packages allows bypassing element and attribute...

5.3CVSS5.8AI score0.00206EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder