CVE-2026-1116
Published 2026-04-12
CVE-2026-1116: A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0…
Priority: P4 · 26 · medium · 6.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.26% (17.0th percentile)
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.
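As an added illustration (not code from lollms; the class, field and sample values below are constructed to mirror the advisory), the unsafe deserialization pattern beside a hardened `from_dict` that HTML-encodes `content` at the trust boundary, with a helper a reviewer can use to check that no raw tag delimiters survive deserialization:

```python
import html
from dataclasses import dataclass

# Constructed illustration of the pattern described in CVE-2026-1116.
# This is not the lollms code base; only the field name `content` and the
# method name `from_dict` follow the advisory.


@dataclass
class UnsafeMessage:
    sender: str
    content: str

    @classmethod
    def from_dict(cls, data: dict) -> "UnsafeMessage":
        # Vulnerable pattern: user-supplied content is stored verbatim. If it
        # is later rendered as HTML, markup in the field reaches other users.
        return cls(sender=data["sender"], content=data["content"])


@dataclass
class SafeMessage:
    sender: str
    content: str

    @classmethod
    def from_dict(cls, data: dict) -> "SafeMessage":
        # Hardened pattern: encode '<', '>', '&' and both quote characters when
        # deserializing, so the stored value cannot form tags or attributes.
        # Encoding for the output context at render time is still required
        # wherever the value is placed somewhere other than HTML text.
        return cls(
            sender=str(data["sender"]),
            content=html.escape(str(data["content"]), quote=True),
        )


def contains_markup(text: str) -> bool:
    """True if the text still carries raw tag delimiters after deserialization."""
    return "<" in text or ">" in text


# Constructed sample input, shaped like a client-submitted message.
SAMPLE = {"sender": "guest", "content": "Hello <b>world</b> & friends"}
```

Running `contains_markup` over messages produced by the two `from_dict` variants shows the difference: the unsafe variant keeps the raw `<b>` tags, the hardened one stores `&lt;b&gt;`.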
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| lollms | lollms | <= 2.1.0 | — |
| parisneo | parisneo_lollms | >= unspecified < 2.2.0 | 2.2.0 |
CVSS provenance
NVD, CVSS v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD, CVSS v3.0: 8.2 HIGH, CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
VulDB
parisneo lollms up to 2.1.x AppLollmsMessage from_dict content cross site scripting (EUVD-2026-21692)
vuldb · 2026-04-12 · CVE-2026-1116 [HIGH] · CVSS 8.2
A vulnerability was found in parisneo lollms up to 2.1.x and classified as problematic. The impacted element is the function from_dict of the component AppLollmsMessage. Such manipulation of the argument content leads to cross site scripting.
This vulnerability is referenced as CVE-2026-1116. It is possible to launch the attack remotely. No exploit is available.
It is suggested to upgrade the affected component.
GHSA
GHSA-w676-j9x4-3hq2
ghsa_unreviewed · 2026-04-12 · CVE-2026-1116 [HIGH] · CWE-79
A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the `content` field when deserializing user-provided data. This allows an attacker to inject malicious HTML or JavaScript payloads, which can be executed in the context of another user's browser. Exploitation of this vulnerability can lead to account takeover, session hijacking, or wormable attacks.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-53229 [MEDIUM] kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
bugzilla · 2026-06-25
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
In the XSK branch of mlx5e_xmit_xdp_buff(), when sq->xmit_xdp_frame()
returns false (e.g. XDPSQ is full), the function returns without
unmapping the DMA address or freeing the xdp_frame allocated by
xdp_convert_zc_to_xdp_frame(). The xdpi_fifo push only happens on
success, so the completion path cannot recover these entries.
With CONFIG_DMA_API_DEBUG=y, the leak surfaces on driver unbind:
DMA-API: pci 0000:08:00.0: device driver has pending DMA
allocations while released from device [count=1116]
One of leaked entries details: [device address=0x000000010ffd7028]
[siz
Bugzilla
CVE-2026-45840 [MEDIUM] kernel: openvswitch: cap upcall PID array size and pre-size vport replies
bugzilla · 2026-05-27
In the Linux kernel, the following vulnerability has been resolved:
openvswitch: cap upcall PID array size and pre-size vport replies
The vport netlink reply helpers allocate a fixed-size skb with
nlmsg_new(NLMSG_DEFAULT_SIZE, ...) but serialize the full upcall PID
array via ovs_vport_get_upcall_portids(). Since
ovs_vport_set_upcall_portids() accepts any non-zero multiple of
sizeof(u32) with no upper bound, a CAP_NET_ADMIN user can install a PID
array large enough to overflow the reply buffer, causing nla_put() to
fail with -EMSGSIZE and hitting BUG_ON(err
genl_family_rcv_msg_doit (net/netlink/genetlink.c:1116)
genl_rcv_msg (net/netlink/genetlink.c:1194)
netlink_rcv_skb (net/netlink/af_netlink.c:255