CVE-2026-49493 Markdown Preview Enhanced Arbitrary Code Execution via Bitfield interpretJS()

Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS, which evaluates the block content as code via vm.runInNewContext, allowing arbitrary code execution. A crafted markdown document containing a malicious bitfield code block executes attacker-controlled cod...

CVE-2026-49493

Markdown Preview Enhanced prior to 0.8.28 runs Bitfield fenced code blocks containing interpretJS(), which evaluates code via vm.runInNewContext(), enabling arbitrary server-side code execution when rendering or exporting a document. The issue’s root cause is that Bitfield definitions were treate...

Astro SSR - Open Redirect

Astro 5.2.0 through 5.12.7 contains an open redirect caused by improper handling of paths with double slashes in trailing slash redirection logic, letting attackers redirect users to arbitrary external domains, exploit requires on-demand SSR with Node or Cloudflare adapters. id: CVE-2025-54793...

GHSA-GG2G-P7XC-QQMM compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI)

A High severity Server-Side Template Injection SSTI vulnerability exists in the trestle author jinja command. The command recursively evaluates rendered templates, allowing an attacker to achieve arbitrary command execution with privileges of the running process by injecting malicious payloads in...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the navigateTo function when handling external redirects in server-side rendering. An attacker can execute arbitrary HTML or JavaScript in the application's origin by supplying a crafted URL containing...

Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

GHSA-FX6J-W5W5-H468 Nuxt: Reflected XSS in `navigateTo()` external redirect

Summary navigateTo with external: true generates a server-side HTML redirect body containing a tag. The destination URL is only sanitized by replacing " with %22, leaving , &, and ' unencoded. An attacker who can influence the URL passed to navigateTourl, external: true can break out of the...

GHSA-F3CJ-J4F6-WQ85 Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable

NPM: Svelte: SSR XSS via Insecure Promise Serialization in hydratable vulnerability discovered by ? in WordPress Npm svelte versions = 5.46.0, = 5.55.6...

Svelte: SSR XSS via Insecure Promise Serialization in hydratable

Contents of hydratable promises were not properly stringified, potentially leading to an XSS exploit. You are vulnerable if all of the following is true: - you are using hydratable an experimental feature at the time of this report - you are passing attacker-controlled input such that a synchrono...

GHSA-PR6F-5X2Q-RWFP Svelte SSR vulnerable to cross-site scripting via spread attributes

When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers...

Svelte SSR vulnerable to cross-site scripting via spread attributes

When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers...

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes

NPM: Svelte SSR vulnerable to cross-site scripting via spread attributes vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVE-2026-44437

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

CVE-2026-44437 Angular SSR: Open Redirect and Request Steering via Encoded X-Forwarded-Prefix

The Angular SSR is a server-rise rendering tool for Angular applications. From 19.0.0-next.0 to before 19.2.25, 20.3.25, 21.2.9, and 22.0.0-next.7, a vulnerability exists in the X-Forwarded-Prefix header processing logic within Angular SSR. The internal validation mechanism fails to properly...

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

CVE-2026-44458

The CVE-2026-44458 entry affects Hono prior to version 4.12.18, where the JSX renderer does not escape CSS in style object values, allowing untrusted input to inject extra CSS declarations into the rendered style attribute. Impact is confined to CSS and does not permit JavaScript execution or HTM...