Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 5:40 p.m.9 views

CVE-2026-53606

A flaw was found in sanitize-html, an HTML sanitizer library. This vulnerability allows a remote attacker to perform Cross-Site Scripting XSS attacks. The issue occurs because the sanitizer does not properly validate dangerous URI schemes, such as javascript:, when they are used in certain HTML...

5.4CVSS5.8AI score0.00136EPSS
Exploits0References4
CVE
CVE
added 2026/06/26 3:45 p.m.39 views

CVE-2026-47214

CVE-2026-47214 affects Docling’s HTML backend, where unsafe URI and path handling existed prior to version 2.94.0. The vulnerability enables potential local file access via file:// URIs, directory traversal through ../ sequences or absolute paths, and access to internal network resources when ena...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.33 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.17.5 Description The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

5.4CVSS5.2AI score0.00136EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 9:15 p.m.8 views

GHSA-Q29V-XC37-WH5M Docling: Unsafe URI and Path Handling in HTML Backend

Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted file:// URIs enabling local file system access when enablelocalfetch=True - Path resolution allowed traversal outside intended directories via ../ sequences and absolute paths - Did not block intern...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References4
NVD
NVD
added 2026/02/24 3:21 p.m.11 views

CVE-2026-27568

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

6.1CVSS0.00229EPSS
Exploits0References3
OSV
OSV
added 2026/02/24 2:53 p.m.8 views

CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

5.1CVSS5.6AI score0.00229EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/02/20 9:15 p.m.9 views

AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

Vulnerability Type Stored Cross-Site Scripting XSS — CWE-79. Affected Product/Versions AVideo 18.0. Root Cause Summary AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be...

6.1CVSS5.5AI score0.00229EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2009/04/23 12:0 a.m.26 views

FreeBSD : gnomevfs -- unsafe URI handling (7884d56f-f7a1-11d8-9837-000c41e2cdad)

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially crafted URI, arbitrary commands can be executed with the privileges of the victim...

7.5CVSS5.7AI score0.01625EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2004/08/27 12:0 a.m.23 views

FreeBSD : gnomevfs -- unsafe URI handling (60)

The following package needs to be updated: gnomevfs2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg7884d56ff7a111d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...

6.4AI score0.01625EPSS
Exploits0References15
FreeBSD
FreeBSD
added 2004/08/04 12:0 a.m.24 views

gnomevfs -- unsafe URI handling

Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim...

7.5CVSS6.5AI score0.01625EPSS
Exploits0References3
Rows per page
Query Builder