Lucene search
K

420 matches found

ATTACKERKB
ATTACKERKB
added 2026/01/19 7:52 p.m.5 views

CVE-2026-23850

SiYuan is a personal knowledge management system. In versions prior to 3.5.4, the markdown feature allows unrestricted server side html-rendering which allows arbitrary file read LFD. Version 3.5.4 fixes the issue...

8.8CVSS5.5AI score0.00522EPSS
Exploits1References7Affected Software1
CNNVD
CNNVD
added 2026/01/19 12:0 a.m.5 views

SiYuan path traversal vulnerability

SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan. Versions of SiYuan prior to 3.5.4 contained a path traversal vulnerability. This vulnerability stemmed from the markdown feature, which allowed unlimited server-side HTML rendering, potentially leading to...

8.8CVSS5.9AI score0.00522EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2026/01/19 12:0 a.m.4 views

PT-2026-3496

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.5.4 Description The markdown feature in SiYuan allows unrestricted server-side HTML rendering, which can lead to arbitrary file read LFD and Server-Side Request Forgery SSRF. This issue occurs because the markdown...

8.8CVSS5.7AI score0.00522EPSS
Exploits1References15
Vulnrichment
Vulnrichment
added 2026/01/17 3:24 a.m.12 views

CVE-2025-13725 Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter

The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...

6.5CVSS5.7AI score0.00358EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/17 12:0 a.m.5 views

PT-2026-3342

The Gutenberg Thim Blocks – Page Builder, Gutenberg Blocks for the Block Editor plugin for WordPress is vulnerable to arbitrary file reads in all versions up to, and including, 1.0.1. This is due to insufficient path validation in the server-side rendering of the thim-blocks/icon block. This make...

6.5CVSS5.6AI score0.00358EPSS
Exploits0References8
Snyk
Snyk
added 2026/01/16 9:2 p.m.3 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:value of server-side rendered elements when user-supplied content is not properly escaped. An attacker can execute arbitrary script...

6.1CVSS5.6AI score
Exploits0References2
Snyk
Snyk
added 2026/01/16 9:2 p.m.1 views

Cross-site Scripting (XSS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the bind:value of server-side rendered elements when user-supplied content is not properly escaped. An attacker can execute arbitrary scripts in the context...

6.1CVSS5.6AI score
Exploits0References2
OSV
OSV
added 2026/01/16 9:2 p.m.1 views

GHSA-GW32-9RMW-QWWW svelte is vulnerable to XSS with textarea bind:value

Summary A server-side rendered with two-way bound value does not have its value correctly escaped in the rendered HTML. Details In SSR, does not have its value escaped when it is rendered into the HTML as .... PoC Put this in a server-side-rendered Svelte component: let value = test'"alert'BIM';;...

8.4CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/01/16 9:2 p.m.14 views

svelte is vulnerable to XSS with textarea bind:value

Summary A server-side rendered with two-way bound value does not have its value correctly escaped in the rendered HTML. Details In SSR, does not have its value escaped when it is rendered into the HTML as .... PoC Put this in a server-side-rendered Svelte component: let value = test'"alert'BIM';;...

6.7AI score
Exploits0References3Affected Software1
NVD
NVD
added 2026/01/15 8:16 p.m.4 views

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

6.1CVSS0.00301EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/01/15 8:13 p.m.7 views

svelte vulnerable to Cross-site Scripting

Summary An XSS vulnerability exists in Svelte 5.46.0-2 resulting from improper escaping of hydratable keys. If these keys incorporate untrusted user input, arbitrary JavaScript can be injected into server-rendered HTML. Details When using the hydratable function, the first argument is used as a k...

6.1CVSS6AI score0.00301EPSS
Exploits1References6Affected Software1
Cvelist
Cvelist
added 2026/01/15 7:59 p.m.21 views

CVE-2025-15265 Svelte 5.46.0 - Hydratable Key Script-Breakout XSS (SSR)

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

5.3CVSS0.00301EPSS
Exploits1References2
EUVD
EUVD
added 2026/01/15 7:59 p.m.6 views

EUVD-2026-2733

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

5.3CVSS6.1AI score0.00301EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/15 12:0 a.m.4 views

PT-2026-3102

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

5.3CVSS6.6AI score0.00301EPSS
Exploits1References3
Veracode
Veracode
added 2026/01/14 9:15 a.m.154 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the meta / APIs during server-side rendering, which allows an attacker to inject malicious script content into generated script:ld+json tags and execute arbitrary JavaScript...

7.6CVSS6.8AI score0.00448EPSS
Exploits0References10Affected Software2
SUSE CVE
SUSE CVE
added 2026/01/13 12:24 a.m.3 views

SUSE CVE-2026-21884

React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References3
Veracode
Veracode
added 2026/01/12 3:18 p.m.6 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of untrusted input in the API during server-side rendering when generating keys via the getKey or storageKey props, which allows an attacker to inject and execute arbitrary JavaScript...

8.2CVSS6.8AI score0.00472EPSS
Exploits0References10Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-21884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react version prior to 2.17.3. and react-router 7.0.0 through 7.11.0, a XSS vulnerability exists in in React...

8.2CVSS6.5AI score0.00472EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/12 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2025-59057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exist...

7.6CVSS6.5AI score0.00448EPSS
Exploits0References2
NVD
NVD
added 2026/01/10 3:15 a.m.6 views

CVE-2025-59057

React Router is a router for React. In @remix-run/react versions 1.15.0 through 2.17.0. and react-router versions 7.0.0 through 7.8.2, a XSS vulnerability exists in in React Router's meta/ APIs in Framework Mode when generating script:ld+json tags which could allow arbitrary JavaScript execution...

7.6CVSS0.00448EPSS
Exploits0References8
Rows per page
Query Builder