368901 matches found
CVE-2026-45710
Technical details for CVE-2026-45710 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-48819
Technical details for CVE-2026-48819 are not publicly available in the provided documents. Monitor for updates from the reserving organization once disclosed.
CVE-2026-54074
CVE-2026-54074 affects @tinacms/cli (pre-2.4.3) used with TinaCMS. A Forestry-to-Tina migration path unquotes values in user-controlled YAML fields via the TINA_INTERNAL marker, allowing injection of arbitrary JavaScript into the generated tina/templates.{ts,js} file. The code executes at module ...
CVE-2026-55661
CVE-2026-55661 affects TinaCMS rich-text rendering (Slate JSON) where the url field on Slate link/image nodes was not sanitized, allowing stored XSS via dangerous URL schemes such as javascript: or data:text/html. Affected versions include tinacms/mdx <2.1.7 and tinacms =2.1.7 and tinacms >...
CVE-2026-44938
Technical details for CVE-2026-44938 are not publicly available in the provided documents; no affected products, impact, or remediation are disclosed. Monitor for updates.
CVE-2026-58263
CVE-2026-58263 affects Jodit Editor prior to 4.12.28. The built‑in clean-html sanitizer can be bypassed via a MathML/ carrier, allowing a no‑interaction event handler (e.g., onload) to survive in the editor value. When attacker‑supplied HTML is rendered (element.innerHTML = editor.value), the han...
CVE-2026-49457
Technical details for CVE-2026-49457 are not publicly available in the provided documents. No affected products, root cause, or remediation are specified. Monitor for updates.
CVE-2026-54756
The CVE pertains to Jodit Editor (TypeScript WYSIWYG) where versions prior to 4.12.18 expose a Prototype Pollution risk via Jodit.configure(options) and internal ConfigMerge/ConfigProto, which may merge user-controlled options (e.g., under a plain-object option like controls) into Object.prototyp...
CVE-2026-49998
Technical details for CVE-2026-49998 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55886
CVE-2026-55886 — Jodit Prototype Pollution Affected software: Jodit Editor (npm package) up to version 4.12.25 (vulnerability fixed in 4.12.26). Root cause: Prototype pollution via Jodit.modules.Helpers.set(chain, value, obj) which walks a dot-separated path and creates path segments without filt...
CVE-2026-49997
Technical details for CVE-2026-49997 are not publicly available in the provided documents. The entry is reserved/placeholder. Monitor for updates as information may be released in the future.
CVE-2026-50521
CVE-2026-50521 : Use-after-free in Microsoft Edge (Chromium-based) allows an authorized attacker to execute code over a network. The vulnerability has a CVSS v3.1 base score of 8.3 (High) with network attack vector, low attack complexity, required privileges, no user interaction, and impact to co...
CVE-2026-54786
Wasmtime’s native WASIp1 fd_renumber implementation leaks host resources because the guest-facing fd_renumber updates only the WASIp1 descriptor table, not the host’s underlying table. This affects wasm runtimes that expose fd_renumber and allow file descriptors; affected versions include all pri...
CVE-2026-54161
Technical details for CVE-2026-54161 are not publicly available in the provided documents; no affected products, impact, or remediation are listed. Monitor for updates from trusted sources.
CVE-2026-55153
CVE-2026-55153 affects mchange-commons-java before 0.6.0, where the JNDI ObjectFactory (com.mchange.v2.naming.JavaBeanObjectFactory) constructs arbitrary JavaBean properties, enabling JNDI injection and deserialization gadget abuse in some classes. An example is setting a Swing JEditorPane’s cont...
CVE-2026-48815
Technical details for CVE-2026-48815 are not publicly available in the provided documents. No affected products, vectors, or remediation information are disclosed. Monitor for updates.
CVE-2026-48816
Technical details for CVE-2026-48816 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-49989
Technical details for CVE-2026-49989 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-55688
Affected software: AsyncHttpClient (AHC) library for Java. Vulnerable versions: 2.0.0 up to (but not including) 2.16.0, and 3.0.0.Beta1 up to (but not including) 3.0.11. Root cause: ThreadSafeCookieStore may store a cookie using the.Domain value without validating that the responding host is allo...
CVE-2026-36541
Technical details are not publicly available in the provided documents for CVE-2026-36541; no affected products, vectors, or remediation are described. Monitor for updates.