
420 matches found

CVE
added 2026/02/12 1:35 a.m., 105 views

CVE-2026-0969

The CVE-2026-0969 issue stems from the serialize function used to compile MDX in next-mdx-remote, with insufficient sanitization enabling arbitrary code execution in React server-side rendering of untrusted MDX content. The description provides a CVSSv3.1 base score of 8.8 (HIGH) and a network at...

CVSS 8.8, AI score 6.3, EPSS 0.00582
Exploits 0, References 1

RedhatCVE
added 2026/02/05 1:22 a.m., 5 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 6.1, AI score 5.8, EPSS 0.00307
Exploits 0, References 1

NVD
added 2026/02/03 10:16 p.m., 4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 6.1, EPSS 0.00307
Exploits 0, References 2

Snyk
added 2026/02/03 10:4 p.m., 4 views

Cross-site Scripting (XSS)

Overview: @builder.io/qwik is an open-source sub-framework designed with a focus on server-side rendering, lazy-loading, and styling/animation. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the unsafe virtual node serialization. An attacker can execute arbitra...

CVSS 6.1, AI score 5.5, EPSS 0.00307
Exploits 0, References 2

EUVD
added 2026/02/03 9:12 p.m., 6 views

EUVD-2026-5166

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3, AI score 5.8, EPSS 0.00307
Exploits 0, References 2

Cvelist
added 2026/02/03 9:12 p.m., 28 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3, EPSS 0.00307
Exploits 0, References 2

ATTACKERKB
added 2026/02/03 9:12 p.m., 4 views

CVE-2026-25148

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3, AI score 5.8, EPSS 0.00307
Exploits 0, References 3, Affected Software 1

Vulnrichment
added 2026/02/03 9:12 p.m., 3 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3, AI score 5.8, EPSS 0.00307
Exploits 0, References 2

CVE
added 2026/02/03 9:12 p.m., 14 views

CVE-2026-25148

Summary (CVE-2026-25148) Qwik SSR vulnerability: prior to version 1.19.0, the server-side rendering path serializes virtual attributes in a way that can be exploited via XSS. An attacker could inject arbitrary scripts into server-rendered pages through unescaped virtual attributes, enabling scrip...

CVSS 6.1, AI score 5.8, EPSS 0.00307
Exploits 0, References 2, Affected Software 1

OSV
added 2026/02/03 9:12 p.m., 4 views

CVE-2026-25148 Qwik SSR XSS via Unsafe Virtual Node Serialization

Qwik is a performance focused javascript framework. Prior to version 1.19.0, a Cross-Site Scripting vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successfu...

CVSS 5.3, AI score 5.8, EPSS 0.00307
Exploits 0, References 4

GitHub Security Blog
added 2026/02/03 8:47 p.m., 8 views

Qwik SSR XSS via Unsafe Virtual Node Serialization

Summary. Description: A Cross-site Scripting (CWE-79) vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

CVSS 6.1, AI score 6, EPSS 0.00307
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/02/03 12:0 a.m., 3 views

PT-2026-6447

Summary. Description: A Cross-site Scripting (CWE-79) vulnerability in Qwik.js' server-side rendering virtual attribute serialization allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtual attributes. Successful exploitation permits script execution in a...

CVSS 5.3, AI score 6, EPSS 0.00307
Exploits 0, References 5

Positive Technologies
added 2026/02/03 12:0 a.m., 5 views

PT-2026-6273

Name of the Vulnerable Software and Affected Versions: Qwik versions prior to 1.19.0. Description: A Cross-Site Scripting issue exists in Qwik.js' server-side rendering virtual attribute serialization. This allows a remote attacker to inject arbitrary web scripts into server-rendered pages via virtu...

CVSS 5.3, AI score 6, EPSS 0.00307
Exploits 0, References 11

CNNVD
added 2026/02/03 12:0 a.m., 8 views

Qwik Cross-Site Scripting Vulnerability

Qwik is a micro-web framework developed by Qwik Dev. Versions of Qwik prior to 1.19.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from server-side rendering of virtual property serialization, which allowed remote attackers to inject arbitrary web scripts...

CVSS 6.1, AI score 5.8, EPSS 0.00307
Exploits 0, References 2

EUVD
added 2026/01/21 1:2 a.m., 10 views

EUVD-2026-3292

SiYuan vulnerable to Arbitrary file Read / SSRF...

CVSS 8.8, AI score 5.3, EPSS 0.00522
Exploits 1, References 7

RedhatCVE
added 2026/01/20 8:22 p.m., 6 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

CVSS 8.8, AI score 5.6, EPSS 0.00522
Exploits 1, References 1

NVD
added 2026/01/19 8:15 p.m., 7 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

CVSS 8.8, EPSS 0.00522
Exploits 1, References 6

Vulnrichment
added 2026/01/19 7:52 p.m., 4 views

CVE-2026-23850 SiYuan vulnerable to arbitrary file read

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

CVSS 8.8, AI score 5.6, EPSS 0.00522
Exploits 1, References 6

CVE
added 2026/01/19 7:52 p.m., 30 views

CVE-2026-23850

SiYuan vulnerable to SSRF/LFD via createDocWithMd: unsanitized markdown can reach local files or internal resources. Affected versions prior to 3.5.4; fix is 3.5.4+. Public sources (OSV, GHSA, Snyk, Red Hat) describe SSRF through markdown handling in kernel/model/file.go and kernel/api/filetree.g...

CVSS 8.8, AI score 5.6, EPSS 0.00522
Exploits 1, References 6, Affected Software 1

ATTACKERKB
added 2026/01/19 7:52 p.m., 5 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server-side HTML rendering, which allows arbitrary file read (LFD). Version 3.5.4 fixes the issue...

CVSS 8.8, AI score 5.5, EPSS 0.00522
Exploits 1, References 7, Affected Software 1