Lucene search
+L

112 matches found

NVD
NVD
added yesterday7 views

CVE-2026-49210

Symfony UX is a JavaScript ecosystem for Symfony. From 2.8.0 until 2.36.0 and 3.1.0, Symfony\UX\LiveComponent\Util\ChildComponentPartialRenderer::createHtml interpolates the client-controlled childrenid.tag value from LiveComponentSubscriber and InterceptChildComponentRenderSubscriber directly in...

2.3CVSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/09 9:56 p.m.7 views

CVE-2026-49256

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS5.9AI score0.00373EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/09 9:56 p.m.31 views

CVE-2026-49256 Discourse: Hidden tag names leaked via category serializers

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS0.00373EPSS
Exploits0References5
CVE
CVE
added 2026/07/09 9:56 p.m.15 views

CVE-2026-49256

CVE-2026-49256 (Discourse) concerns a leakage vulnerability where restricted tag names and tag-group names attached to publicly readable categories could be exposed to anonymous/unauthorized users via category and group endpoints. Affected versions include prior to 2026.6.0, 2026.5.1, 2026.4.2, a...

7.5CVSS5.9AI score0.00373EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/07/09 9:56 p.m.3 views

CVE-2026-49256 Discourse: Hidden tag names leaked via category serializers

Discourse is an open-source discussion platform. Prior to 2026.6.0, 2026.5.1, 2026.4.2, and 2026.1.5, restricted tag and tag-group names attached to publicly readable categories as allowedtags, allowedtaggroups, or required tag groups could leak to anonymous and unauthorized users through categor...

6.3CVSS6.1AI score0.00373EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/07/09 12:0 a.m.9 views

PT-2026-56997

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2026.6.0 Discourse versions prior to 2026.5.1 Discourse versions prior to 2026.4.2 Discourse versions prior to 2026.1.5 Description Restricted tag and tag-group names attached to publicly readable categories as...

7.5CVSS6.1AI score0.00373EPSS
Exploits0References14
Snyk
Snyk
added 2026/07/03 10:19 p.m.6 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the process that handles repository dump creation, which uses release tag names and asset names as filesystem path components. An attacker can manipulate file system paths by providing specially crafted release t...

8.7CVSS6.5AI score0.00369EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.34 views

CVE-2026-28705 Gitea repository dumps write release assets using unsafe path names

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

0.00369EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/03 8:19 p.m.6 views

CVE-2026-28705

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths...

6AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2026/06/24 2:17 p.m.3 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:20 p.m.7 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 1:20 p.m.39 views

CVE-2026-57286

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

0.00216EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 1:20 p.m.10 views

EUVD-2026-38766

A missing permission check in Jenkins Git Parameter Plugin 462.vdcf3df2ed2ca and earlier allows attackers with Item/Read permission to obtain information about the SCM repository used by a job, such as branch names, tag names, and revision metadata...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:26 p.m.12 views

CVE-2026-47264 Discourse: Don't leak restricted tag group names via tag info

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, DetailedTagSerializertaggroupnames returned every tag group a tag belonged to without filtering against the requesting...

5.3CVSS5.2AI score0.00216EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/01 12:0 a.m.11 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS : Vim vulnerability (USN-8342-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-8342-1 advisory. It was discovered that Vim did not properly handle backticks in tag filenames. An attacker could possibly use this issue to...

6.6CVSS6.1AI score0.00501EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 10:41 a.m.7 views

Cross-site Scripting (XSS)

Overview symfony/ux-live-component is a Live components for Symfony Affected versions of this package are vulnerable to Cross-site Scripting XSS via improper handling of child component tag names in ChildComponentPartialRenderer::createHtml. An attacker can inject arbitrary HTML, including...

8CVSS5.1AI score
Exploits0References2
Snyk
Snyk
added 2026/05/14 8:29 p.m.10 views

Regular Expression Denial of Service (ReDoS)

Overview svelte is a package for building web applications. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS through the svelte:element tag validation process. An attacker can cause significant performance degradation by supplying specially crafted ta...

5.9CVSS5.8AI score0.00421EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.9 views

Svelte: ReDoS in `<svelte:element>` Tag Validation

An internal regex in the Svelte runtime can take exponential time to test in . You are only vulnerable to this if you allow tags of unconstrained length. If your application only allows a predetermined list of tags or trims their length before passing them to svelte:element, you are safe...

7.5CVSS5.8AI score0.00421EPSS
Exploits0References4Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/14 7:58 p.m.9 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS5.8AI score0.0014EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.90 views

CVE-2026-44455

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.16, Improper handling of JSX element tag names in hono/jsx allowed unvalidated tag names to be directly inserted into the generated HTML output. When untrusted input is used as a tag name via the...

6.1CVSS0.0014EPSS
Exploits0References1
Rows per page
Query Builder