Debian CVE
added 2026/06/22 3:27 p.m., 5 views

CVE-2026-54265

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, an issue in the @angular/compiler package allows bypassing DOM property sanitization through the use of two-way property...

CVSS 6.1, AI score 5.8, EPSS 0.00195, Exploits 0
RedhatCVE
added 2026/06/22 12:18 p.m., 7 views

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model (DOM) to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting (XSS) attacks, enabling the attack...

CVSS 8.1, AI score 5.8, EPSS 0.00319, Exploits 0, References 5
AstraLinux
added 2026/06/19 11:10 a.m., 8 views

Astra Linux - Vulnerability in Golang-1.19

The html/template package does not properly handle HTML-like “” comment tokens, nor hashbang “!” comment tokens, in contexts. This may cause the template parser to incorrectly interpret the contents of contexts, resulting in actions being incorrectly escaped. This could be exploited to carry out ...

CVSS 6.1, AI score 6.7, EPSS 0.00815, Exploits 0, References 2
AstraLinux
added 2026/06/19 11:10 a.m., 7 views

Astra Linux – Vulnerability in ruby-rails-html-sanitizer

Possible XSS Vulnerability in Rails::Html::Sanitizer. There is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. This vulnerability has been assigned the CVE identifier CVE-2022-32209. Vulnerabilities affected: ALL. Not affected: NONE. Meaning: Fixed versions: v1.4.3...

CVSS 6.1, AI score 6.5, EPSS 0.2914, Exploits 1, References 1
AstraLinux
added 2026/06/19 11:10 a.m., 20 views

Astra Linux – Vulnerability in jsoup

jsoup is a Java HTML parser designed for HTML editing, cleaning, scraping, and XSS (Cross-Site Scripting) protection. However, jsoup may incorrectly sanitize HTML containing javascript: URLs, which could allow XSS attacks when a user clicks on those links. If the non-default...

CVSS 6.1, AI score 6.5, EPSS 0.01208, Exploits 1, References 2
Github Security Blog
added 2026/06/16 11:43 p.m., 7 views

Pi Agent: Potential XSS in HTML session exports via Markdown URL sanitization bypass

Potential XSS in HTML session exports via Markdown URL handling. Pi HTML exports render session Markdown into a static HTML file. Affected versions did not consistently reject unsafe Markdown link and image URL schemes. In versions with scheme filtering, C0 control characters in the URL scheme cou...

CVSS 2.5, AI score 5.2, EPSS 0.00132, Exploits 0, References 4, Affected Software 2
Positive Technologies
added 2026/06/12 12:00 a.m., 19 views

PT-2026-48990

Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 2.17.5. Description: The software uses the allowedSchemesAppliedToAttributes variable to control the naughtyHref function, which is designed to block dangerous URI schemes such as javascript: and vbscript:. Howeve...

CVSS 5.4, AI score 5.2, EPSS 0.00136, Exploits 0, References 3
NVD
added 2026/06/09 5:17 p.m., 8 views

CVE-2026-42573

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

CVSS 8.1, EPSS 0.00319, Exploits 0, References 5
RedhatCVE
added 2026/06/05 7:46 p.m., 11 views

CVE-2026-42506

A flaw was found in golang.org/x/net/html. When parsing arbitrary HTML that is subsequently rendered, an unexpected HTML tree can be generated. A remote attacker could leverage this vulnerability to execute Cross-Site Scripting (XSS) attacks in applications that attempt to sanitize input HTML befor...

CVSS 6.1, AI score 6, EPSS 0.00188, Exploits 0, References 7
OSV
added 2026/05/26 7:05 p.m., 13 views

GHSA-G2G4-47GV-P72V CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Summary: CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...

CVSS 6.1, AI score 6, EPSS 0.00242, Exploits 0, References 4
Github Security Blog
added 2026/05/26 7:05 p.m., 34 views

CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Injection and Potential XSS

Summary: CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src attribute of , and elements, and does not restrict other attributes, an attacker can inject arbitrary HTML through srcdoc. This completel...

CVSS 6.1, AI score 6, EPSS 0.00242, Exploits 0, References 4, Affected Software 1
Amazon
added 2026/05/26 12:00 a.m., 18 views

Important: golang-github-cpuguy83-md2man

Issue Overview: net/http: memory exhaustion in Request.ParseForm (CVE-2025-61726). archive/zip: denial of service when parsing arbitrary ZIP archives (CVE-2025-61728). Within HostnameError.Error, when constructing an error string, there is no limit to the number of hosts that will be printed out...

CVSS 7.5, AI score 7.1, EPSS 0.01945, Exploits 3
Amazon
added 2026/05/26 12:00 a.m., 23 views

Important: libcap

Issue Overview: Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value "refresh". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escapi...

CVSS 7.5, AI score 7.2, EPSS 0.00813, Exploits 0
UbuntuCve
added 2026/05/22 4:16 p.m., 11 views

CVE-2026-25681

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1, AI score 6, EPSS 0.00178, Exploits 0, References 6
CVE
added 2026/05/22 3:01 p.m., 93 views

CVE-2026-42506

CVE-2026-42506 affects the Go ecosystem, specifically parsing in golang.org/x/net/html. The root cause is "invoking incorrect handling of namespaced elements in foreign content", which can produce an unexpected HTML tree during rendering. This can enable XSS in applications that sanitize input HTM...

CVSS 6.1, AI score 6, EPSS 0.00188, Exploits 0, References 4, Affected Software 1
ATTACKERKB
added 2026/05/22 3:01 p.m., 6 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1, AI score 6, EPSS 0.00188, Exploits 0, References 5
Vulnrichment
added 2026/05/22 3:01 p.m., 9 views

CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6, EPSS 0.00178, Exploits 0, References 4
Tenable Nessus
added 2026/05/16 12:00 a.m., 23 views

SUSE SLED15 / SLES15 Security Update : go1.26 (SUSE-SU-2026:1861-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1861-1 advisory. This update for go1.26 fixes the following issues. Security issues: - CVE-2026-33811: net: crash when handling...

CVSS 7.5, AI score 6, EPSS 0.00813, Exploits 0, References 36
OSV
added 2026/05/14 10:34 p.m., 7 views

SUSE-SU-2026:1862-1 Security update for go1.25

This update for go1.25 fixes the following issues. Security issues: - CVE-2026-33811: net: crash when handling long CNAME response (bsc#1264508). - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE (bsc#1264506). - CVE-2026-39817: cmd/go: 'go tool pack' does...

CVSS 7.5, AI score 5.8, EPSS 0.00813, Exploits 0, References 25
Cvelist
added 2026/05/13 3:50 p.m., 39 views

CVE-2026-45028 Astro: Server island encrypted parameters vulnerable to cross-component replay

Astro is a web framework. Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did not bind the ciphertext to its intended component or parameter type. An attacker could replay one component's encrypte...

CVSS 6.3, EPSS 0.00144, Exploits 0, References 3