Lucene search
K

67 matches found

OSV
OSV
added 2026/07/06 8:16 p.m.3 views

DEBIAN-CVE-2026-50133

Hugo is a static site generator. Prior to 0.162.0, Hugo accepts content files in several markup formats. Files mapped to the text/html media type typically .html files under /content, or pages produced by a content adapter that sets content.mediaType = "text/html" had their body emitted verbatim...

6.1CVSS5.4AI score0.00187EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/02 5:30 a.m.11 views

CVE-2026-47214

A flaw was found in Docling, a document processing tool. Its HTML backend contained vulnerabilities related to unsafe handling of Uniform Resource Identifiers URIs and file paths. This could allow an attacker to access local files, navigate outside of intended directories path traversal, and...

7.1CVSS5.8AI score0.00217EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14083

Insufficient validation of untrusted input in HTML in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS0.00182EPSS
Exploits0References2
NVD
NVD
added 2026/06/24 6:17 p.m.9 views

CVE-2026-44016

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/24 5:42 p.m.4 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 5:42 p.m.32 views

CVE-2026-44016

Docling (Python SDK) versions 2.82.0–2.90.x are affected when the HTML backend is explicitly enabled for rendering. The Playwright-based rendering had a vulnerability that could allow JavaScript execution and unrestricted network access in the rendering context for untrusted HTML, enabling potent...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2026/06/24 5:42 p.m.3 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 5:42 p.m.30 views

CVE-2026-44016 Docling: Unsafe Playwright-based HTML Rendering

Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering...

8.2CVSS0.00384EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/15 7:53 p.m.17 views

DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

INPLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — silent no-op when forceRemove is called on a parent-less node Summa...

5.4AI score0.00042EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/15 7:53 p.m.8 views

GHSA-R47G-FVHR-H676 DOMPurify: IN_PLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM

INPLACE mode preserves attributes of a clobbered root element, allowing XSS via attacker-controlled root DOM CWE: CWE-79 XSS — Improper Neutralization of Input During Web Page Generation via CWE-693 Protection Mechanism Failure — silent no-op when forceRemove is called on a parent-less node Summa...

6.1CVSS5.5AI score0.00042EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/03 9:9 p.m.17 views

Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

8.2CVSS6.5AI score0.00384EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/06/03 9:9 p.m.10 views

GHSA-PJ2V-GGQH-CMQ2 Docling: Unsafe Playwright-based HTML Rendering

Impact In versions = 2.82.0, 2.91.0, if the HTML backend was explicitly configured for rendering rendering option by default deactivated, then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An...

8.2CVSS6.5AI score0.00384EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/03 12:0 a.m.20 views

PT-2026-46118

Name of the Vulnerable Software and Affected Versions Docling versions 2.82.0 through 2.90.x Description When the HTML backend is explicitly configured for rendering, the Playwright-based rendering feature allows JavaScript execution and unrestricted network access during the processing of...

8.2CVSS6.7AI score0.00384EPSS
Exploits0References9
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in JQuery

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing elements from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

6.9CVSS6.6AI score0.8383EPSS
Exploits6References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in JQuery

In jQuery, starting from version 1.12.0 and before 3.5.0, passing HTML from untrusted sources—even after sanitizing it—to one of jQuery’s DOM manipulation methods e.g., .html, .append, etc. may execute untrusted code. This issue has been fixed in jQuery 3.5.0...

6.9CVSS6.6AI score0.99019EPSS
Exploits7References2
RedhatCVE
RedhatCVE
added 2026/01/31 9:13 p.m.12 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS6.1AI score0.00713EPSS
Exploits1References1
NVD
NVD
added 2026/01/21 9:16 p.m.12 views

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

9.6CVSS0.00713EPSS
Exploits1References2
Drupal
Drupal
added 2025/12/03 12:0 a.m.10 views

Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117

This module allows uploading a zip file and extracting its content in the public file directory to serve this content from a Drupal website. These zip files may contain arbitrary HTML or SVG content that could allow cross-site scripting vulnerabilities. While this is an expected feature, the modu...

5.4CVSS5.5AI score0.00148EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2025/07/21 1:42 p.m.6 views

USN-7658-1: Drupal vulnerabilities

It was discovered that Drupal incorrectly parsed untrusted HTML. A remote attacker could possibly use this issue to execute arbitrary code...

6.9CVSS7.1AI score0.99019EPSS
Exploits11
OSV
OSV
added 2025/04/17 7:31 a.m.7 views

CLSA-2025-1744875112 gcc: Fix of CVE-2020-11023

CVE-2020-11023: Fix issue where untrusted HTML containing elements could execute untrusted code in DOM manipulation methods...

6.9CVSS6.8AI score0.8383EPSS
Exploits6References1
Rows per page
Query Builder