Lucene search
+L

35 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-54443

Dashy is a self-hostable personal dashboard. From 1.9.4 until 3.2.0, the Dashy RSS Widget in src/components/Widgets/RssFeed.vue does not sanitize RSS item link values before rendering feed item titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a...

5.9CVSS0.00229EPSS
Exploits0References2
CVE
CVE
added 3 days ago13 views

CVE-2026-54443

The CVE affects Dashy’s RSS Widget (src/components/Widgets/RssFeed.vue). From versions 1.9.4 through 3.2.0, RSS item link values are not sanitized before rendering titles and Read More links as anchor href attributes, allowing an attacker-controlled feed to provide a javascript: URI that executes...

5.9CVSS6.1AI score0.00229EPSS
Exploits0References2
CVE
CVE
added 2026/07/10 8:58 p.m.11 views

CVE-2026-55665

Grist spreadsheet app vulnerable to DOM-based XSS prior to version 1.7.15. Two flaws allowed attacker-controlled values to appear in link hrefs without scheme validation, enabling a javascript URL to execute in a victim’s Grist origin on a single click. Specifically, on the account-selection page...

8.5CVSS6.1AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/10 8:58 p.m.32 views

CVE-2026-55665 DOM-based XSS in Grist via unsanitized links, enabling privilege escalation

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS0.00322EPSS
Exploits0References3
OSV
OSV
added 2026/07/10 8:58 p.m.2 views

CVE-2026-55665 DOM-based XSS in Grist via unsanitized links, enabling privilege escalation

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, Grist contained two cross-site scripting vulnerabilities where an attacker-controlled value reached a link's href without scheme validation, so a javascript URL could run in a victim's Grist origin on a single...

8.5CVSS6.1AI score0.00322EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/07/01 8:44 p.m.6 views

CVE-2026-55661

Tina is a headless content management system. In versions prior to @tinacms/mdx 2.1.7 and tinacms 3.9.3, rich-text parsing and the default link/image renderers did not sanitize the url field on Slate link/image nodes. Content containing javascript: or data:text/html URLs — including case-variant,...

4.8CVSS5.6AI score0.00239EPSS
Exploits0References3Affected Software2
SUSE CVE
SUSE CVE
added 2026/07/01 3:48 a.m.7 views

SUSE CVE-2025-1015

The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For example, in the “Other” field of the Instant Messaging section. If another user imported the address book,...

7.8CVSS6.9AI score0.01331EPSS
Exploits0References7
NVD
NVD
added 2026/05/28 6:16 p.m.16 views

CVE-2026-45348

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, the packages.js template at src/pyload/webui/app/themes/modern/templates/js/packages.js:172 interpolates a stored link URL into a template literal inside single-quoted HTML and then writes the result to...

8.7CVSS0.00199EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/27 5:7 p.m.11 views

cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI

A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by exploiting unsanitized user-controlled parameters within crafted links in the system logs user interface UI. An attacker can inject shell metacharacters and command...

8CVSS7.3AI score0.01016EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Thunderbird

The Thunderbird Address Book’s URI fields contained unsanitized links. Attackers could use these links to create and export an address book containing malicious payloads in certain fields. For example, in the “Other” field of the Instant Messaging section. If another user imported the address boo...

5.4CVSS7AI score0.01331EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/16 10:49 p.m.16 views

Cross-site Scripting (XSS)

Overview @paperclipai/ui is a Prebuilt Paperclip board UI assets. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the MarkdownBody class, where user-supplied markdown content is rendered without proper URL sanitization due to an overridden urlTransform function. An...

5.4CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/03/03 5:0 a.m.4 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

5.1CVSS6AI score0.00311EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39277

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features,...

4.8CVSS6.8AI score0.00538EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-3377

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package ansiup converts ANSI escape codes into HTML. In ansiup v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL...

6.1CVSS6.4AI score0.08EPSS
Exploits1References2
Snyk
Snyk
added 2025/05/01 6:33 a.m.2 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the ‎PackageIndex.downloadurl method. Due to insufficient sanitization of special characters, an attacker can write files to arbitrary locations on the filesystem with the permissions of the process running t...

8.8CVSS8.2AI score0.01454EPSS
Exploits4References3
CVE
CVE
added 2025/04/15 3:6 p.m.128 views

CVE-2025-3522

Summary of CVE-2025-3522 (Thunderbird) : Thunderbird improperly processes the X-Mozilla-External-Attachment-URL header used for external attachments. When opening an email, Thunderbird fetches the URL to determine file size and may navigate to it when attaching is clicked. The URL is not validate...

6.3CVSS6.7AI score0.00258EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2025/02/12 9:37 a.m.6 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/12 4:23 a.m.4 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/12 4:8 a.m.7 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2025/02/11 4:45 p.m.8 views

thunderbird: Unsanitized address book fields

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The Thunderbird Address Book URI fields contained unsanitized links. This could be used by an attacker to create and export an address book containing a malicious payload in a field. For...

5.4CVSS7.4AI score0.01331EPSS
Exploits0References6
Rows per page
Query Builder