CVE-2026-39315 | unjs unhead up to 2.1.12 safe.ts useHeadSafe incomplete blacklist (GHSA-95h2-gj7x-gx9w)

Inserito da Angelo Barbosa | Apr 9, 2026 | CVE

A vulnerability labeled as critical has been found in unjs unhead up to 2.1.12. This issue affects the function useHeadSafe of the file packages/unhead/src/plugins/safe.ts. The manipulation results in incomplete blacklist.

This vulnerability is identified as CVE-2026-39315. The attack can be executed remotely. There is not any exploit available.

The affected component should be upgraded.

CVE-2026-39315 | unjs unhead up to 2.1.12 safe.ts useHeadSafe incomplete blacklist (GHSA-95h2-gj7x-gx9w)

Post correlati

CVE-2024-23464 | Zscaler Client Connector up to 4.2.0 on Windows permissions

CVE-2024-40522 | SeaCMS 12.9 phomebak.php Remote Code Execution

CVE-2024-53588 | iTop VPN 16.0 DLL vpn6 uncontrolled search path

CVE-2025-11101 | itsourcecode Open Source Job Portal 1.0 index.php?view=edit ID sql injection