CWE-116
Allowed-with-ReviewImproper Encoding or Escaping of Output
Abstraction: Class · Status: Draft
The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
610 vulnerabilities reference this CWE, most recent first.
CVE-2026-62184 (GCVE-0-2026-62184)
Vulnerability from cvelistv5 – Published: 2026-07-13 21:30 – Updated: 2026-07-14 22:03 X_Open Source- CWE-116 - Improper Encoding or Escaping of Output
| URL | Tags |
|---|---|
| https://github.com/openwrt/luci/security/advisori… | vendor-advisory |
| https://github.com/openwrt/luci/commit/d9bbc372e2… | patch |
| https://www.vulncheck.com/advisories/luci-app-ban… | third-party-advisory |
| Vendor | Product | Version | |
|---|---|---|---|
| openwrt | luci-app-banip |
Affected:
0 , ≤ 0.11.1
(semver)
Unaffected: d9bbc372e29618a8807b693a1ccf6d0e42cd196c (git) |
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"packageURL": "pkg:github/openwrt/luci",
"product": "luci-app-banip",
"repo": "https://github.com/openwrt/luci",
"vendor": "openwrt",
"versions": [
{
"lessThanOrEqual": "0.11.1",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "d9bbc372e29618a8807b693a1ccf6d0e42cd196c",
"versionType": "git"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "lujie (@lujiefsi)"
}
],
"datePublic": "2026-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "luci-app-banip contains a log parsing vulnerability where the awk-based parser extracts the first IPv4 address from log lines regardless of field position, allowing attackers to inject arbitrary IPs via attacker-controlled fields like usernames. An unauthenticated remote attacker can inject an IP address into the login username field, causing banIP to block the wrong target while the real attacker remains unblocked."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T22:03:46.298Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-r6hx-4f83-vp8m)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/openwrt/luci/security/advisories/GHSA-r6hx-4f83-vp8m"
},
{
"name": "Patch Commit",
"tags": [
"patch"
],
"url": "https://github.com/openwrt/luci/commit/d9bbc372e29618a8807b693a1ccf6d0e42cd196c"
},
{
"name": "VulnCheck Advisory: luci-app-banip Log Monitor IP Extraction Bypass",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/luci-app-banip-log-monitor-ip-extraction-bypass"
}
],
"tags": [
"x_open-source"
],
"title": "luci-app-banip Log Monitor IP Extraction Bypass",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-62184",
"datePublished": "2026-07-13T21:30:09.248Z",
"dateReserved": "2026-07-13T16:36:32.094Z",
"dateUpdated": "2026-07-14T22:03:46.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59895 (GCVE-0-2026-59895)
Vulnerability from cvelistv5 – Published: 2026-07-08 16:09 – Updated: 2026-07-08 19:41| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
| https://github.com/honojs/hono/commit/cd3f6f7194f… | x_refsource_MISC |
| https://github.com/honojs/hono/releases/tag/v4.12.27 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59895",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-08T17:50:18.277447Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T19:41:04.292Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003e= 4.0.0, \u003c 4.12.27"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. From 4.0.0 before 4.12.27, cx() in hono/css composes class names from plain strings but marks the result as already escaped without HTML-escaping the input, allowing untrusted className values used in a JSX class attribute during server-side rendering to break out of the attribute and inject arbitrary markup. This issue is fixed in version 4.12.27."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-08T16:09:51.273Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-w62v-xxxg-mg59",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-w62v-xxxg-mg59"
},
{
"name": "https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/commit/cd3f6f7194f0e5c9d4b26ae0cf232018d0f388fc"
},
{
"name": "https://github.com/honojs/hono/releases/tag/v4.12.27",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/honojs/hono/releases/tag/v4.12.27"
}
],
"source": {
"advisory": "GHSA-w62v-xxxg-mg59",
"discovery": "UNKNOWN"
},
"title": "Hono: Server-Side XSS via JSX Escaping Bypass in cx() Utility"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59895",
"datePublished": "2026-07-08T16:09:51.273Z",
"dateReserved": "2026-07-07T16:40:07.983Z",
"dateUpdated": "2026-07-08T19:41:04.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-59833 (GCVE-0-2026-59833)
Vulnerability from cvelistv5 – Published: 2026-07-09 22:17 – Updated: 2026-07-10 14:17| URL | Tags |
|---|---|
| https://github.com/siyuan-note/siyuan/security/ad… | x_refsource_CONFIRM |
| https://github.com/siyuan-note/siyuan/commit/ebe2… | x_refsource_MISC |
| https://github.com/siyuan-note/siyuan/releases/ta… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| siyuan-note | siyuan |
Affected:
< 3.7.1
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-59833",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-10T14:15:26.840084Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T14:17:16.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "siyuan",
"vendor": "siyuan-note",
"versions": [
{
"status": "affected",
"version": "\u003c 3.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.1, SiYuan renders note and package content to HTML through the Lute engine with sanitization enabled, but Lute\u0027s dangerous javascript scheme block does not check form action or SVG xlink:href attributes, allowing stored cross-site scripting in document export-preview and Bazaar package README render paths that can execute OS commands in the Electron desktop renderer. This issue is fixed in versions 3.7.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-09T22:17:05.933Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-97xv-3v84-h358"
},
{
"name": "https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/siyuan-note/siyuan/commit/ebe252e61fb93f258d083b9da0fa403679fdf94a"
},
{
"name": "https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/siyuan-note/siyuan/releases/tag/v3.7.1"
}
],
"source": {
"advisory": "GHSA-97xv-3v84-h358",
"discovery": "UNKNOWN"
},
"title": "SiYuan: Stored XSS to RCE in SiYuan via a per-attribute URL-scheme sanitizer gap in Lute (form action / SVG xlink:href)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-59833",
"datePublished": "2026-07-09T22:17:05.933Z",
"dateReserved": "2026-07-07T15:00:50.979Z",
"dateUpdated": "2026-07-10T14:17:16.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-58487 (GCVE-0-2026-58487)
Vulnerability from cvelistv5 – Published: 2026-07-13 21:59 – Updated: 2026-07-13 21:59| URL | Tags |
|---|---|
| https://github.com/hedgedoc/hedgedoc/security/adv… | x_refsource_CONFIRM |
{
"containers": {
"cna": {
"affected": [
{
"product": "hedgedoc",
"vendor": "hedgedoc",
"versions": [
{
"status": "affected",
"version": "\u003c 1.11.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to version 1.11.0, due to unsafe handling of the local-part of registered email addresses, HedgeDoc was vulnerable to stored HTML Injection through its publish and slide views. An attacker could register a specially crafted email address and inject arbitrary HTML into pages viewed by other users. HedgeDoc accepted RFC 5321 quoted-string local-parts in email addresses during registration. The local-part was then reused as the user\u0027s display name without escaping and rendered into HTML in multiple places, including publish and slide views as well as the collaborative editor. An attacker could break out of an HTML attribute and inject arbitrary markup into the page. While the deployed Content-Security-Policy prevented straightforward inline JavaScript execution, the injected HTML was still sufficient to alter page content and embed attacker-controlled resources such as cross-origin iframes. This issue was fixed in version 1.11.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T21:59:27.436Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6c2w-8w96-3pcv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-6c2w-8w96-3pcv"
}
],
"source": {
"advisory": "GHSA-6c2w-8w96-3pcv",
"discovery": "UNKNOWN"
},
"title": "HedgeDoc: Stored HTML injection via email local-part"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-58487",
"datePublished": "2026-07-13T21:59:27.436Z",
"dateReserved": "2026-06-30T20:21:25.812Z",
"dateUpdated": "2026-07-13T21:59:27.436Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-56379 (GCVE-0-2026-56379)
Vulnerability from cvelistv5 – Published: 2026-06-23 12:13 – Updated: 2026-07-15 00:42| URL | Tags |
|---|---|
| https://github.com/ImageMagick/ImageMagick/securi… | vendor-advisory |
| https://www.vulncheck.com/advisories/imagemagick-… | third-party-advisory |
| https://access.redhat.com/security/cve/CVE-2026-56379 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2491700 | issue-trackingx_refsource_REDHAT |
| https://security.access.redhat.com/data/csaf/v2/v… | x_sadp-csaf-vex |
| https://access.redhat.com/errata/RHSA-2026:32961 | vendor-advisoryx_refsource_REDHAT |
| Vendor | Product | Version | |
|---|---|---|---|
| ImageMagick | ImageMagick |
Affected:
0 , < 7.1.2-15
(semver)
Unaffected: 7.1.2-15 (semver) |
|
| ImageMagick | ImageMagick |
Affected:
0 , < 6.9.13-40
(semver)
Unaffected: 6.9.13-40 (semver) |
|
| Red Hat | Red Hat Enterprise Linux 7 Extended Lifecycle Support |
Unaffected:
0:6.9.10.68-17.el7_9 , < *
(rpm)
cpe:/o:redhat:rhel_els:7 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-56379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T13:58:05.952386Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T13:58:13.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_els:7"
],
"defaultStatus": "affected",
"packageName": "ImageMagick",
"product": "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:6.9.10.68-17.el7_9",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "ImageMagick",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
}
],
"datePublic": "2026-06-23T12:13:05.492Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in ImageMagick. This command injection vulnerability in the SVG (Scalable Vector Graphics) decoder allows a remote attacker to craft malicious SVG files. When these files are processed, the injected Magick Vector Graphics (MVG) commands can execute, potentially leading to arbitrary code execution on the affected system."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Important"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-15T00:42:36.269Z",
"orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
"shortName": "redhat-SADP"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2026-56379"
},
{
"name": "RHBZ#2491700",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2491700"
},
{
"tags": [
"x_sadp-csaf-vex"
],
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-56379.json"
},
{
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2026:32961"
}
],
"solutions": [
{
"lang": "en",
"value": "RHSA-2026:32961: Red Hat Enterprise Linux Server (v. 7 ELS), Red Hat Enterprise Linux Server Optional (v. 7 ELS)"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-23T13:01:13.843Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2026-06-23T12:13:05.492Z",
"value": "Made public."
}
],
"title": "ImageMagick: ImageMagick: Arbitrary code execution via SVG decoder command injection",
"workarounds": [
{
"lang": "en",
"value": "Restrict ImageMagick processing capabilities via policy.xml, disabling the SVG coder and restricting delegates to prevent injection escalation to OS command execution. Enforce mandatory access control (SELinux/AppArmor) combined with seccomp syscall filtering to block execve. For systemd services, enable NoNewPrivileges, ProtectSystem=strict, ProtectHome=true, and PrivateDevices=true."
}
],
"x_adpType": "supplier",
"x_generator": {
"engine": "sadp-cli 1.0.0"
}
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"lessThan": "7.1.2-15",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "7.1.2-15",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"lessThan": "6.9.13-40",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"status": "unaffected",
"version": "6.9.13-40",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.2-15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:imagemagick:imagemagick:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.13-40",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "phenggeler"
}
],
"datePublic": "2026-02-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ImageMagick before 7.1.2-15 and 6.9.13-40 contains a command injection vulnerability in the SVG decoder that allows attackers to inject arbitrary MVG drawing commands. Attackers can craft malicious SVG files with injected Magick Vector Graphics commands that execute during rendering."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-02T14:07:01.497Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "GitHub Security Advisory (GHSA-xpg8-7m6m-jf56)",
"tags": [
"vendor-advisory"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-xpg8-7m6m-jf56"
},
{
"name": "VulnCheck Advisory: ImageMagick - Command Injection via SVG Decoder",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/imagemagick-command-injection-via-svg-decoder"
}
],
"title": "ImageMagick - Command Injection via SVG Decoder",
"x_generator": {
"engine": "vulncheck-endgame"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2026-56379",
"datePublished": "2026-06-23T12:13:05.492Z",
"dateReserved": "2026-06-21T02:05:47.495Z",
"dateUpdated": "2026-07-15T00:42:36.269Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55659 (GCVE-0-2026-55659)
Vulnerability from cvelistv5 – Published: 2026-07-10 20:57 – Updated: 2026-07-13 16:01| URL | Tags |
|---|---|
| https://github.com/gristlabs/grist-core/security/… | x_refsource_CONFIRM |
| https://github.com/gristlabs/grist-core/commit/4c… | x_refsource_MISC |
| https://github.com/gristlabs/grist-core/releases/… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| gristlabs | grist-core |
Affected:
< 1.7.15
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-13T16:01:16.076169Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-13T16:01:23.973Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "grist-core",
"vendor": "gristlabs",
"versions": [
{
"status": "affected",
"version": "\u003c 1.7.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, several server-rendered Grist pages embedded user-controlled values into the page and into inline scripts without fully escaping them, allowing cross-site scripting. On the main application page, a document\u0027s name or description, set by a document editor, is rendered into the page that other users load when opening the document. On the OAuth2 end-of-flow page, the openerOrigin request parameter was reflected back into the served page. Injected script runs in the victim\u0027s Grist origin and can act through the authenticated session, reading or modifying data and changing sharing settings and access rules. A document editor could therefore escalate to owner-level access. This issue is fixed in version 1.7.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-10T20:57:39.281Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/gristlabs/grist-core/security/advisories/GHSA-6qrq-h2h6-cw54",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/gristlabs/grist-core/security/advisories/GHSA-6qrq-h2h6-cw54"
},
{
"name": "https://github.com/gristlabs/grist-core/commit/4ced8064b7ea0e1763d5a6a2588b22774ce7efbc",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gristlabs/grist-core/commit/4ced8064b7ea0e1763d5a6a2588b22774ce7efbc"
},
{
"name": "https://github.com/gristlabs/grist-core/releases/tag/v1.7.15",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gristlabs/grist-core/releases/tag/v1.7.15"
}
],
"source": {
"advisory": "GHSA-6qrq-h2h6-cw54",
"discovery": "UNKNOWN"
},
"title": "Grist: XSS through unsafe value interpolation in server-rendered pages"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55659",
"datePublished": "2026-07-10T20:57:39.281Z",
"dateReserved": "2026-06-17T00:05:03.777Z",
"dateUpdated": "2026-07-13T16:01:23.973Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-55570 (GCVE-0-2026-55570)
Vulnerability from cvelistv5 – Published: 2026-06-24 21:24 – Updated: 2026-06-25 13:49| URL | Tags |
|---|---|
| https://github.com/siyuan-note/siyuan/security/ad… | x_refsource_CONFIRM |
| Vendor | Product | Version | |
|---|---|---|---|
| siyuan-note | siyuan |
Affected:
< 3.7.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-55570",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T13:49:21.857553Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T13:49:44.646Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "siyuan",
"vendor": "siyuan-note",
"versions": [
{
"status": "affected",
"version": "\u003c 3.7.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, it does not escape the untrusted fields (name, version, author, description) when they are serialized into the data-obj HTML attribute of each marketplace card. Because the attribute is single-quoted and the value is produced with JSON.stringify() (which does not escape \u0027, \u003c, or \u003e), a package whose name contains a single quote breaks out of the attribute and injects arbitrary HTML. In the desktop client the main BrowserWindow runs with nodeIntegration: true, contextIsolation: false, so the injected markup escalates from DOM XSS to arbitrary OS command execution. This is the same root cause and same impact as the original advisory, reached through a sibling sink the patch did not cover. This vulnerability is fixed in 3.7.0."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T21:24:21.266Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/siyuan-note/siyuan/security/advisories/GHSA-x88j-wgpr-h22x"
}
],
"source": {
"advisory": "GHSA-x88j-wgpr-h22x",
"discovery": "UNKNOWN"
},
"title": "SiYuan: Stored XSS results to Electron RCE in SiYuan marketplace via unescaped `data-obj` attribute (Bypass for CVE-2026-45375\u0027s patch)"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-55570",
"datePublished": "2026-06-24T21:24:21.266Z",
"dateReserved": "2026-06-16T23:11:20.214Z",
"dateUpdated": "2026-06-25T13:49:44.646Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54893 (GCVE-0-2026-54893)
Vulnerability from cvelistv5 – Published: 2026-07-06 14:04 – Updated: 2026-07-07 04:32- CWE-116 - Improper Encoding or Escaping of Output
| URL | Tags |
|---|---|
| https://github.com/swoosh/swoosh/security/advisor… | vendor-advisoryrelated |
| https://cna.erlef.org/cves/CVE-2026-54893.html | related |
| https://osv.dev/vulnerability/EEF-CVE-2026-54893 | related |
| https://github.com/swoosh/swoosh/commit/e38235453… | patch |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54893",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T15:36:04.140981Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T15:36:16.097Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.hex.pm",
"cpes": [
"cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Swoosh.Adapters.MsGraph\u0027"
],
"packageName": "swoosh",
"packageURL": "pkg:hex/swoosh",
"product": "swoosh",
"programFiles": [
"lib/swoosh/adapters/ms_graph.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:deliver/2"
},
{
"name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:api_endpoint_url/2"
}
],
"repo": "https://github.com/swoosh/swoosh",
"vendor": "swoosh",
"versions": [
{
"lessThan": "1.26.3",
"status": "affected",
"version": "1.12.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://github.com",
"cpes": [
"cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"modules": [
"\u0027Elixir.Swoosh.Adapters.MsGraph\u0027"
],
"packageName": "swoosh/swoosh",
"packageURL": "pkg:github/swoosh/swoosh",
"product": "swoosh",
"programFiles": [
"lib/swoosh/adapters/ms_graph.ex"
],
"programRoutines": [
{
"name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:deliver/2"
},
{
"name": "\u0027Elixir.Swoosh.Adapters.MsGraph\u0027:api_endpoint_url/2"
}
],
"repo": "https://github.com/swoosh/swoosh",
"vendor": "swoosh",
"versions": [
{
"lessThan": "e38235453e81d1727bfc8d91e69ec4cb211ccf61",
"status": "affected",
"version": "23bfcdab71aee4613858ba6d116bb3311b72aa58",
"versionType": "git"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThis vulnerability only affects applications that use \u003ctt\u003eSwoosh.Adapters.MsGraph\u003c/tt\u003e and derive the email \u003ctt\u003efrom\u003c/tt\u003e address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature). Applications that always send with a fixed, trusted \u003ctt\u003efrom\u003c/tt\u003e address are not affected.\u003c/p\u003e"
}
],
"value": "This vulnerability only affects applications that use Swoosh.Adapters.MsGraph and derive the email \"from\" address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature). Applications that always send with a fixed, trusted \"from\" address are not affected."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:swoosh:swoosh:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.26.3",
"versionStartIncluding": "1.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Ullrich"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Po Chen"
},
{
"lang": "en",
"type": "analyst",
"value": "Jonatan M\u00e4nnchen"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eURL path injection in the Microsoft Graph adapter of Swoosh. \u003ctt\u003eSwoosh.Adapters.MsGraph\u003c/tt\u003e builds its Microsoft Graph API request URL by interpolating the sender\u0027s email address into the URL path (\u003ctt\u003e/users/{from}/sendMail\u003c/tt\u003e) without percent-encoding or validation.\u003c/p\u003e\u003cp\u003eIn applications that derive the \u003ctt\u003efrom\u003c/tt\u003e address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature), an attacker can place URL-special characters such as \u003ctt\u003e/\u003c/tt\u003e, \u003ctt\u003e?\u003c/tt\u003e, or \u003ctt\u003e#\u003c/tt\u003e in the local part of the address to escape the intended path segment and rewrite the path and query string of the request. Because the same authenticated \u003ctt\u003ePOST\u003c/tt\u003e is sent with the application\u0027s Microsoft Graph bearer token, the attacker can redirect it to other Graph endpoints within the token\u0027s scopes and control the request\u0027s query string. Applications that always use a fixed, trusted \u003ctt\u003efrom\u003c/tt\u003e address are not affected.\u003c/p\u003e\u003cp\u003eThis issue affects swoosh from 1.12.0 before 1.26.3.\u003c/p\u003e"
}
],
"value": "URL path injection in the Microsoft Graph adapter of Swoosh. Swoosh.Adapters.MsGraph builds its Microsoft Graph API request URL by interpolating the sender\u0027s email address into the URL path (/users/{from}/sendMail) without percent-encoding or validation.\n\nIn applications that derive the from address from untrusted or user-influenced input (for example a relay, a contact form, or a \"send as\" feature), an attacker can place URL-special characters such as /, ?, or # in the local part of the address to escape the intended path segment and rewrite the path and query string of the request. Because the same authenticated POST is sent with the application\u0027s Microsoft Graph bearer token, the attacker can redirect it to other Graph endpoints within the token\u0027s scopes and control the request\u0027s query string. Applications that always use a fixed, trusted from address are not affected.\n\nThis issue affects swoosh from 1.12.0 before 1.26.3."
}
],
"impacts": [
{
"capecId": "CAPEC-664",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-664 Server Side Request Forgery"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.1,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116 Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T04:32:26.465Z",
"orgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"shortName": "EEF"
},
"references": [
{
"tags": [
"vendor-advisory",
"related"
],
"url": "https://github.com/swoosh/swoosh/security/advisories/GHSA-754j-98wh-57rf"
},
{
"tags": [
"related"
],
"url": "https://cna.erlef.org/cves/CVE-2026-54893.html"
},
{
"tags": [
"related"
],
"url": "https://osv.dev/vulnerability/EEF-CVE-2026-54893"
},
{
"tags": [
"patch"
],
"url": "https://github.com/swoosh/swoosh/commit/e38235453e81d1727bfc8d91e69ec4cb211ccf61"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Email-derived URL path injection in the Swoosh Microsoft Graph adapter",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eValidate or reject sender addresses that contain characters outside the allowed RFC 5321 set (in particular \u003ctt\u003e/\u003c/tt\u003e, \u003ctt\u003e?\u003c/tt\u003e, \u003ctt\u003e#\u003c/tt\u003e, and \u003ctt\u003e..\u003c/tt\u003e) before passing the email to the adapter. Alternatively, set a static \u003ctt\u003e:url\u003c/tt\u003e in the adapter configuration, which bypasses interpolation of the \u003ctt\u003efrom\u003c/tt\u003e address into the request path.\u003c/p\u003e"
}
],
"value": "Validate or reject sender addresses that contain characters outside the allowed RFC 5321 set (in particular /, ?, #, and ..) before passing the email to the adapter. Alternatively, set a static :url in the adapter configuration, which bypasses interpolation of the from address into the request path."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6b3ad84c-e1a6-4bf7-a703-f496b71e49db",
"assignerShortName": "EEF",
"cveId": "CVE-2026-54893",
"datePublished": "2026-07-06T14:04:16.486Z",
"dateReserved": "2026-06-16T10:47:13.915Z",
"dateUpdated": "2026-07-07T04:32:26.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54699 (GCVE-0-2026-54699)
Vulnerability from cvelistv5 – Published: 2026-06-24 17:26 – Updated: 2026-06-25 13:18| URL | Tags |
|---|---|
| https://github.com/warpdotdev/warp/security/advis… | x_refsource_CONFIRM |
| https://github.com/warpdotdev/warp/commit/c66cff4… | x_refsource_MISC |
| Vendor | Product | Version | |
|---|---|---|---|
| warpdotdev | warp |
Affected:
>= 0.2024.03.12.08.02.stable_01, < 0.2026.05.13.09.15.stable_01
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-25T13:18:26.007037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-25T13:18:33.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "warp",
"vendor": "warpdotdev",
"versions": [
{
"status": "affected",
"version": "\u003e= 0.2024.03.12.08.02.stable_01, \u003c 0.2026.05.13.09.15.stable_01"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Warp is an agentic development environment. From 0.2024.03.12.08.02.stable_01 until 0.2026.05.06.15.42.stable_01, Warp contains an OS command injection vulnerability in the WSL URL-opening fallback. When Warp is running under WSL and cannot open a URL through wslview, it falls back to a Windows command processor path. A URL controlled through terminal output can reach that fallback when the user opens the link. This vulnerability is fixed in 0.2026.05.06.15.42.stable_01."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-24T17:26:57.170Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/warpdotdev/warp/security/advisories/GHSA-xmw3-wj6r-48m4"
},
{
"name": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/warpdotdev/warp/commit/c66cff48afba73bb1f26f82e5d524018bacb748e"
}
],
"source": {
"advisory": "GHSA-xmw3-wj6r-48m4",
"discovery": "UNKNOWN"
},
"title": "Warp: OS command injection when opening terminal links from WSL"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54699",
"datePublished": "2026-06-24T17:26:57.170Z",
"dateReserved": "2026-06-15T22:58:06.562Z",
"dateUpdated": "2026-06-25T13:18:33.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54287 (GCVE-0-2026-54287)
Vulnerability from cvelistv5 – Published: 2026-06-22 17:13 – Updated: 2026-06-22 17:36- CWE-116 - Improper Encoding or Escaping of Output
| URL | Tags |
|---|---|
| https://github.com/honojs/hono/security/advisorie… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54287",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-22T17:36:53.535644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:36:59.514Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "hono",
"vendor": "honojs",
"versions": [
{
"status": "affected",
"version": "\u003c 4.12.25"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.25, on AWS Lambda, the ALB single-header response and the VPC Lattice v2 response join multiple Set-Cookie headers into one comma-separated value. Because commas also appear inside cookie attributes (for example Expires dates), clients cannot split the value back into individual cookies and silently drop or misparse them. This vulnerability is fixed in 4.12.25."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-116",
"description": "CWE-116: Improper Encoding or Escaping of Output",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T17:13:14.947Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/honojs/hono/security/advisories/GHSA-j6c9-x7qj-28xf",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/honojs/hono/security/advisories/GHSA-j6c9-x7qj-28xf"
}
],
"source": {
"advisory": "GHSA-j6c9-x7qj-28xf",
"discovery": "UNKNOWN"
},
"title": "Hono: AWS Lambda adapter merges multiple `Set-Cookie` headers into one value, dropping cookies on ALB single-header and Lattice"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54287",
"datePublished": "2026-06-22T17:13:14.947Z",
"dateReserved": "2026-06-12T17:46:37.292Z",
"dateUpdated": "2026-06-22T17:36:59.514Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation MIT-4.3
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using the ESAPI Encoding control [REF-45] or a similar tool, library, or framework. These will help the programmer encode outputs in a manner less prone to error.
- Alternately, use built-in functions, but consider using wrappers in case those functions are discovered to have a vulnerability.
Mitigation MIT-27
Strategy: Parameterization
- If available, use structured mechanisms that automatically enforce the separation between data and code. These mechanisms may be able to provide the relevant quoting, encoding, and validation automatically, instead of relying on the developer to provide this capability at every point where output is generated.
- For example, stored procedures can enforce database query structure and reduce the likelihood of SQL injection.
Mitigation
Understand the context in which your data will be used and the encoding that will be expected. This is especially important when transmitting data between different components, or when generating outputs that can contain multiple encodings at the same time, such as web pages or multi-part mail messages. Study all expected communication protocols and data representations to determine the required encoding strategies.
Mitigation
In some cases, input validation may be an important strategy when output encoding is not a complete solution. For example, you may be providing the same output that will be processed by multiple consumers that use different encodings or representations. In other cases, you may be required to allow user-supplied input to contain control information, such as limited HTML tags that support formatting in a wiki or bulletin board. When this type of requirement must be met, use an extremely strict allowlist to limit which control sequences can be used. Verify that the resulting syntactic structure is what you expect. Use your normal encoding methods for the remainder of the input.
Mitigation
Use input validation as a defense-in-depth measure to reduce the likelihood of output encoding errors (see CWE-20).
Mitigation
Fully specify which encodings are required by components that will be communicating with each other.
Mitigation
When exchanging data between components, ensure that both components are using the same character encoding. Ensure that the proper encoding is applied at each interface. Explicitly set the encoding you are using whenever the protocol allows you to do so.
CAPEC-104: Cross Zone Scripting
An attacker is able to cause a victim to load content into their web-browser that bypasses security zone controls and gain access to increased privileges to execute scripting code or other web objects such as unsigned ActiveX controls or applets. This is a privilege elevation attack targeted at zone-based web-browser security.
CAPEC-73: User-Controlled Filename
An attack of this type involves an adversary inserting malicious characters (such as a XSS redirection) into a filename, directly or indirectly that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
CAPEC-81: Web Server Logs Tampering
Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
CAPEC-85: AJAX Footprinting
This attack utilizes the frequent client-server roundtrips in Ajax conversation to scan a system. While Ajax does not open up new vulnerabilities per se, it does optimize them from an attacker point of view. A common first step for an attacker is to footprint the target environment to understand what attacks will work. Since footprinting relies on enumeration, the conversational pattern of rapid, multiple requests and responses that are typical in Ajax applications enable an attacker to look for many vulnerabilities, well-known ports, network locations and so on. The knowledge gained through Ajax fingerprinting can be used to support other attacks, such as XSS.