Lucene search
K

213 matches found

Cvelist
Cvelist
added 5 days ago28 views

CVE-2026-57167 PeerTube: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

PeerTube is an ActivityPub-federated video streaming platform. Prior to 8.2.2, server-side-rendered video watch pages embed a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping less-than, greater-than, or slash characters, allowing a value containing the byte sequence...

5.1CVSS0.00269EPSS
Exploits0References3
CVE
CVE
added 5 days ago8 views

CVE-2026-57167

PeerTube is affected prior to version 8.2.2 by an XSS in server-side rendered video watch pages. The vulnerability arises from embedding a schema.org JSON-LD block by JSON.stringify-ing video metadata without escaping , or / characters, allowing a value that includes the closing script tag sequen...

5.1CVSS6.2AI score0.00269EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 6 days ago8 views

CVE-2026-52725

A flaw was found in the @angular/core component. This vulnerability allows an attacker to bypass security restrictions when creating dynamic components. By manipulating the host element or selector, an attacker can force an Angular component to be mounted directly onto a script tag. This can resu...

6.8CVSS6.1AI score0.00238EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 6:57 a.m.8 views

EUVD-2026-42016

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Armiya Information Technologies Ltd. Co. Access Control System GKS allows XSS Targeting HTML Attributes. This issue affects Access Control System GKS: before Version 2...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/07/01 3:20 a.m.6 views

SUSE CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.9AI score0.00455EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/30 5:25 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the writeJson process. An attacker can access sensitive information by exploiting the lack of validation on the callback parameter in JSONP responses, allowing cross-origin data retrieval through a crafted...

3.1CVSS5.7AI score0.0021EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/30 3:57 p.m.6 views

CVE-2026-58371 SeaweedFS < 4.30 - Cross-Origin Information Disclosure via Unvalidated JSONP callback Parameter

SeaweedFS before 4.30 reflects the callback query parameter verbatim into responses served with Content-Type application/javascript in the shared writeJson helper weed/server/common.go, with no callback-name validation, no X-Content-Type-Options: nosniff header, and no CORS allow-list. Every JSON...

3.1CVSS5.7AI score0.0021EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/29 8:36 p.m.7 views

CVE-2026-50229

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, fro...

6.1CVSS5.7AI score0.00455EPSS
Exploits1
NVD
NVD
added 2026/06/25 4:16 p.m.7 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS0.00167EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 3:26 p.m.4 views

EUVD-2026-39445

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS5.9AI score0.00167EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/06/25 3:26 p.m.7 views

CVE-2026-48940

A Joomla user with K2 "create item" rights Author tier by default can submit an article whose embedVideo POST field contains a raw tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page...

3.4CVSS5.8AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 7:40 a.m.3 views

BIT-PYTHON-MIN-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

6.1CVSS5.2AI score0.00229EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-52725

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.1...

6.1CVSS6.2AI score0.00238EPSS
Exploits0References3
OSV
OSV
added 2026/06/15 4:51 p.m.8 views

GHSA-692R-GRFM-V8X7 @angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

5.3CVSS6.2AI score0.00238EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/06/15 4:51 p.m.39 views

@angular/core: Angular Template and Dynamic Component Namespace Bypass leading to Cross-Site Scripting (XSS)

An issue in the @angular/core package allows bypassing script-execution restrictions during dynamic component creation. Specifically, the dynamic component instantiation mechanism createComponent failed to reject mounting components directly onto a or namespaced script element such as . This...

6.1CVSS6.1AI score0.00238EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/12 8:57 p.m.23 views

CVE-2026-53608

ApostropheCMS (open-source Node.js) vulnerability CVE-2026-53608 affects the @apostrophecms/seo package up to 1.4.2, where seoGoogleTrackingId and seoGoogleTagManager are injected into [removed] bodies via template literals without sanitization. With editor-level access, an attacker can set these...

8.7CVSS5.3AI score0.0021EPSS
Exploits0References1
Amazon
Amazon
added 2026/06/08 12:0 a.m.13 views

Medium: python3.13

Issue Overview: http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie valu...

6.1CVSS5.4AI score0.00229EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.12 views

CVE-2026-39642

Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in SpabRice Nyla allows Code Injection. This issue affects Nyla: from n/a through 1.7...

5.3CVSS5.4AI score0.00255EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-6002

Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross-Site Scripting XSS. This issue affects DivvyDrive: from 4.8.2.9 before 4.8.3.2...

8.8CVSS5.4AI score0.00327EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.13 views

Amazon Linux 2023 : golist (ALAS2023-2026-1742)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1742 advisory. When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport...

7.5CVSS7.5AI score0.00813EPSS
Exploits0References16
Rows per page
Query Builder