Lucene search
K

16933 matches found

Snyk
Snyk
added 5 days ago5 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the safeurl function. An attacker can execute arbitrary scripts in the rendered HTML by supplying specially crafted percent-encoded javascript URIs in Markdown links or images. Details Cross-site scripting o...

6.1CVSS6.2AI score0.00199EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 6 days ago6 views

CVE-2026-59153

Anki is a program for creating and reviewing flashcards. Prior to 25.09.3, Anki launches a local HTTP server to serve media files and web pages for parts of its interface, but requests from other origins were not sufficiently blocked. A malicious website could potentially trigger side-effecting...

2.1CVSS6AI score0.00181EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/07/02 12:17 p.m.7 views

CVE-2026-57762

Author Cross Site Scripting XSS in Simple URLs = 151 versions...

5.9CVSS0.00148EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/07/01 11:9 a.m.5 views

DOMPurify: DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

6.1CVSS7.5AI score0.00263EPSS
Exploits1References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40431

Crawl4AI before 0.8.7 contains an arbitrary JavaScript execution vulnerability in the Docker API server's /executejs endpoint, which accepts and executes arbitrary user-supplied JavaScript in the server's browser context with --disable-web-security enabled. An attacker can execute arbitrary...

9.2CVSS6.2AI score0.00334EPSS
Exploits0References4
EUVD
EUVD
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40520

Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00297EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.6 views

CVE-2026-13883

Type Confusion in ANGLE in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Medium...

9.6CVSS5.8AI score0.00306EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-54089

Name of the Vulnerable Software and Affected Versions Google Chrome on iOS versions prior to 150.0.7871.47 Description Insufficient validation of untrusted input allows a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. This occurs when a user is convinced to...

9.8CVSS6.2AI score0.00413EPSS
Exploits0References447
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-54889

Improper Neutralization of Input During Web Page Generation XSS vulnerability in leandrocp mdex allows cross-site scripting via unsanitized URL schemes in Quill Delta output. 'Elixir.MDEx':todelta/2 converts Markdown into a Quill Delta. 'Elixir.MDEx.DeltaConverter':defaultconvertnode/3 in...

5.1CVSS0.0031EPSS
Exploits0References4
CVE
CVE
added 2026/06/25 4:33 a.m.31 views

CVE-2026-10712

GitLab CVE-2026-10712 affects GitLab CE/EE with versions 18.10 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1. The issue is described as improper path validation that could, under certain conditions, allow an unauthenticated user to execute arbitrary JavaScript in a user’s browser ses...

8CVSS6.1AI score0.00222EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/24 9:16 p.m.5 views

CVE-2026-52798

Gogs is an open source self-hosted Git service. Prior to 0.14.3, although .ipynb previews are sanitized on the server side via /-/api/sanitizeipynb, the inserted content is re-rendered on the client side without sanitization using marked on elements with the .nb-markdown-cell class. During this...

8.9CVSS0.00429EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 5:17 p.m.5 views

DEBIAN-CVE-2026-50019

yt-dlp is a command-line audio/video downloader. From 2023.09.24 until 2026.06.09, if curl is used as an external downloader for yt-dlp, cookies may be leaked to an unintended host upon HTTP redirect or when the host for download fragments differs from their parent manifest's. At the file downloa...

7.4CVSS5.8AI score0.00268EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 12:13 p.m.9 views

EUVD-2026-38435

Flowise before 3.1.0 contains a server-side request forgery vulnerability in the Execute Flow node that allows attackers to bypass security validation by providing intranet addresses through the base URL field. Attackers can initiate HTTP requests to internal network addresses, access cloud...

6CVSS5.9AI score0.00183EPSS
Exploits1References2
Circl
Circl
added 2026/06/19 8:37 p.m.10 views

CVE-2008-6557

creationtimestamp| type| source ---|---|--- 2026-06-19 20:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3moo72rsqmo2a...

10CVSS5.8AI score0.0317EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/06/19 7:36 p.m.9 views

jupyterlab-git extension: Stored XSS leading to RCE

Overview Amazon Web Services AWS Security has identified a stored cross-site scripting XSS issue in the jupyterlab-git JupyterLab extension that can lead to remote code execution RCE. The issue exists in the PlainTextDiff.ts component, where the createHeader method passes Git filenames directly t...

9.3CVSS6.7AI score0.00284EPSS
Exploits1References2Affected Software3
Cvelist
Cvelist
added 2026/06/18 11:37 p.m.41 views

CVE-2026-12048 pgAdmin 4: Stored XSS via untrusted error and plan-node text rendered through html-react-parser

Stored cross-site scripting in pgAdmin 4's error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server ErrorResponse messages, including object names quoted back inside relation-does-not-exist errors and inside EXPLAIN Recheck Cond / Exact Heap Blocks fields was passed...

9.3CVSS0.0021EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.27 views

PT-2026-50788

Name of the Vulnerable Software and Affected Versions Node.js versions prior to 26.3.1-1.1 Description Security issues were identified in Node.js that could compromise server infrastructure. Recommendations Update to version 26.3.1-1.1...

9.8CVSS6.7AI score0.26356EPSS
Exploits0References166
Github Security Blog
Github Security Blog
added 2026/06/17 6:41 p.m.13 views

Filament: Disabled RichEditor field state can be used for XSS

In Filament v3, a disabled RichEditor field rendered its raw state without sanitizing HTML. Where the data stored in this field's state isn't sanitized already when the form state was filled, an attacker could plant malicious HTML or JavaScript and achieve XSS that executes for users who view the...

7.6CVSS5.2AI score0.00168EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.11 views

PT-2026-50162

Name of the Vulnerable Software and Affected Versions Caddy versions prior to 2.11.4 Description Caddy is an extensible server platform that uses TLS by default. The stripHTML template function, specifically within the funcStripHTML function, cannot reliably remove all HTML tags from input string...

4.2CVSS6AI score0.00153EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2026/06/12 9:37 p.m.74 views

ember

🔥 Ember AI systems burn brightly but hide their secrets. Em...

5.3AI score
Exploits0
Rows per page
Query Builder