Lucene search
K

417 matches found

NVD
NVD
added 2026/03/26 3:16 p.m.5 views

CVE-2026-33397

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS0.00255EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.3 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:2 p.m.3 views

CVE-2026-32121

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 8.0.0.1, Stored XSS in prescription CSS/HTML print view via patient demographics. That finding involves server-side rendering of patient names via raw PHP echo. This finding involves...

7.7CVSS5.8AI score0.00191EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:0 p.m.3 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

8.8CVSS5.9AI score0.00782EPSS
Exploits0References1
OSV
OSV
added 2026/03/26 1:46 p.m.3 views

CVE-2026-33397 Angular SSR Vulnerable to Protocol-Relative URL Injection via Single Backslash Bypass

The Angular SSR is a server-rise rendering tool for Angular applications. Versions on the 22.x branch prior to 22.0.0-next.2, the 21.x branch prior to 21.2.3, and the 20.x branch prior to 20.3.21 have an Open Redirect vulnerability in @angular/ssr due to an incomplete fix for CVE-2026-27738. Whil...

6.9CVSS5.9AI score0.00255EPSS
Exploits0References5
CVE
CVE
added 2026/03/26 1:46 p.m.27 views

CVE-2026-33397

The CVE concerns Angular SSR bottleneck/open-redirect in @angular/ssr. Affected series: 22.x before 22.0.0-next.2, 21.x before 21.2.3, and 20.x before 20.3.21, with a patch included in 22.0.0-next.2, 21.2.3, and 20.3.21. Root cause: incomplete fix for CVE-2026-27738 where a single backslash in X-...

6.9CVSS5.8AI score0.00255EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/23 10:45 p.m.3 views

CVE-2026-33046

Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.12, due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaT...

7.7CVSS5.9AI score0.00782EPSS
Exploits0References7Affected Software1
Github Security Blog
Github Security Blog
added 2026/03/23 8:43 p.m.5 views

Indico discloses local files resulting in Remote Code Execution through LaTeX injection

!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

8.8CVSS6AI score0.00782EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2026/03/23 8:43 p.m.2 views

GHSA-RM2Q-F7JV-3CFP Indico discloses local files resulting in Remote Code Execution through LaTeX injection

!NOTE If server-side LaTeX rendering is not in use ie XELATEXPATH was not set in indico.conf, this vulnerability does not apply. Impact Due to vulnerabilities in TeXLive and obscure LaTeX syntax that allowed circumventing Indico's LaTeX sanitizer, it is possible to use specially-crafted LaTeX...

7.7CVSS6AI score0.00782EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/03/19 9:22 p.m.15 views

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR

An Open Redirect vulnerability exists in @angular/ssr due to an incomplete fix for CVE-2026-27738. While the original fix successfully blocked multiple leading slashes e.g., ///, the internal validation logic fails to account for a single backslash \ bypass. When an Angular SSR application is...

6.9CVSS5.7AI score0.00255EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/12 6:16 p.m.3 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

6.1CVSS0.00258EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/12 5:18 p.m.1 views

CVE-2026-31860 Unhead has a XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. The acceptDataAttrs...

5.3CVSS5.9AI score0.00258EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 5:18 p.m.2 views

CVE-2026-31860

Unhead is a document head and template manager. Prior to 2.1.11, useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered...

5.3CVSS5.9AI score0.00258EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/03/12 5:18 p.m.14 views

CVE-2026-31860

CVE-2026-31860 affects Unhead prior to version 2.1.11, where the useHeadSafe() composable can be bypassed to inject arbitrary HTML attributes (including event handlers) into SSR-rendered tags via acceptDataAttrs. The vulnerability arises from allowing any key starting with data- (and even spaces...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/12 2:49 p.m.4 views

EUVD-2026-11373

StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings...

5.4CVSS5.8AI score0.00253EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/12 2:19 p.m.17 views

Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References5Affected Software1
Snyk
Snyk
added 2026/03/12 2:19 p.m.3 views

Cross-site Scripting (XSS)

Overview unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTML tags. An...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/12 2:19 p.m.4 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:unhead is a Full-stack manager built for any framework. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the acceptDataAttrs function, which allows attribute names containing spaces or illegal characters to be injected into SSR-rendered HTM...

6.1CVSS5.9AI score0.00258EPSS
Exploits1References2
OSV
OSV
added 2026/03/12 2:19 p.m.3 views

GHSA-G5XX-PWRP-G3FV Unhead has XSS bypass in `useHeadSafe` via attribute name injection and case-sensitive protocol check

Summary useHeadSafe can be bypassed to inject arbitrary HTML attributes, including event handlers, into SSR-rendered tags. This is the composable that Nuxt docs recommend for safely handling user-generated content. Details XSS via data- attribute name injection The acceptDataAttrs function safe.t...

5.3CVSS6AI score0.00258EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.6 views

unhead 跨站脚本漏洞

unhead is a document header and template manager developed by UnJS. Versions of unhead prior to 2.1.11 contained a cross-site scripting vulnerability. This vulnerability stemmed from the use of the useHeadSafe function, which could be bypassed, allowing arbitrary HTML attributes to be injected in...

6.1CVSS5.8AI score0.00258EPSS
Exploits1References1
Rows per page
Query Builder