Lucene search
K

129 matches found

OSV
OSV
added 2026/06/29 4:53 p.m.5 views

MAL-2026-6605 Malicious code in @bscom/styling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b4a6eb2b93e7ac0b6e45f2cc44f23127ef61b7d605b6c64f6bcbc58bdbe4543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @bscom/styling (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3b4a6eb2b93e7ac0b6e45f2cc44f23127ef61b7d605b6c64f6bcbc58bdbe4543 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
Fedora
Fedora
added 2026/06/27 12:56 a.m.6 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-6.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6.9AI score0.03552EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2026/06/08 2:59 p.m.10 views

CVE-2026-41159

A flaw was found in Mermaid, a JavaScript tool for creating diagrams and charts. A remote attacker could exploit this vulnerability by injecting malicious Cascading Style Sheets CSS through specific configuration options, such as fontFamily, themeCSS, and altFontFamily. This injected CSS can bypa...

5.4CVSS6.1AI score0.00398EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.27 views

PT-2026-45681

Name of the Vulnerable Software and Affected Versions Simple Custom Login Page versions prior to 1.0.4 Description The Simple Custom Login Page plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem occurs because color settings fields are registered and stored without a...

4.4CVSS5.7AI score0.00183EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/05/30 12:0 a.m.18 views

Linux Distros Unpatched Vulnerability : CVE-2026-41159

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2026/05/29 3:16 p.m.7 views

DEBIAN-CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/29 1:53 p.m.39 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS0.00398EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 代码问题漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking and more. A code issue vulnerability exists in Roundcube Webmail versions 1.6.x 1.6.14 through 1.6.16 and versions prior to 1.7.x 1.7.1,...

7.2CVSS5.8AI score0.0036EPSS
Exploits0References5
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/19 6:45 p.m.17 views

Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/19 6:45 p.m.9 views

MAL-2026-4655 Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

5.8AI score
Exploits0References2
Fedora
Fedora
added 2026/05/15 8:58 p.m.13 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-4.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS6AI score0.61469EPSS
Exploits41
Positive Technologies
Positive Technologies
added 2026/05/01 12:0 a.m.11 views

PT-2026-36547

Name of the Vulnerable Software and Affected Versions nextlevelbuilder ui-ux-pro-max-skill versions prior to 2.5.1 Description A flaw in the Tailwind Config Generator component allows remote code injection. The issue exists within the format plugins function located in the...

6.5CVSS6.9AI score0.00242EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/04/21 6:43 a.m.4 views

CVE-2026-6703

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 2.2.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticat...

4.3CVSS5.7AI score0.0023EPSS
Exploits0References9Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/10 12:0 a.m.5 views

Fedora 43 : chromium (2026-f62db6b372)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f62db6b372 advisory. Update to 145.0.7632.159 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Integer overflow i...

9.6CVSS6.2AI score0.00497EPSS
Exploits0References11
OSV
OSV
added 2026/01/15 10:40 p.m.3 views

GHSA-44JG-MV3H-WJ6G solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

4.8CVSS6.3AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/01/15 10:40 p.m.9 views

solspace/craft-freeform Vulnerable to XSS in `PhpSpreadsheet` HTML Writer Due to Unsanitized Styling Data

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. \PhpOffice\PhpSpreadsheet\Writer\Html doesn't sanitize spreadsheet styling...

7.8AI score
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/01/09 8:12 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the stylesheet input in the backend branding and appearance configuration. An attacker can execute arbitrary scripts in the context of backend users by injecting malicious HTML or JavaScript. This is only...

8.4CVSS5.4AI score0.00183EPSS
Exploits0References2
OSV
OSV
added 2026/01/09 8:12 p.m.1 views

GHSA-WVPQ-H33F-8RP6 October CMS Vulnerable to Stored XSS via Branding Styles

A cross-site scripting XSS vulnerabilities was identified in October CMS backend configuration forms: - Branding and Appearances Styles A user with the Customize Backend Styles permission could inject malicious HTML/JS into the stylesheet input at Settings → Branding & Appearance → Styles. A...

6.1CVSS6.1AI score0.00183EPSS
Exploits0References3
Fedora
Fedora
added 2026/01/04 1:3 a.m.13 views

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

6.3CVSS6.4AI score0.00394EPSS
Exploits0
Rows per page
Query Builder