Lucene search
+L

22 matches found

redhatcve
redhatcve
added yesterday4 views

CVE-2026-49477

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
redhatcve
redhatcve
added yesterday6 views

CVE-2026-49476

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/07/09 12:0 a.m.9 views

PT-2026-56840

Name of the Vulnerable Software and Affected Versions soupsieve affected versions not specified Description The CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking, which occurs when the regex engine takes an exponential amount of time to process...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References4
redhat
redhat
added 2026/07/01 9:0 a.m.2 views

soupsieve: Soupsieve: Denial of Service via crafted CSS selector strings

A flaw was found in soupsieve, a CSS selector library. This vulnerability allows a remote attacker to cause a Denial of Service DoS by supplying specially crafted, untrusted CSS selector strings. The flaw occurs due to a regular expression vulnerable to catastrophic backtracking when processing a...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
snyk
snyk
added 2026/05/08 6:19 p.m.14 views

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop in the handling of CSS selectors and linkification processes. An attacker can cause excessive CPU or memory consumption by supplying specially crafted selector...

8.7CVSS5.8AI score
Exploits0References3
github
github
added 2026/05/08 6:19 p.m.29 views

justhtml introduces denial-of-service hardening

Summary justhtml 1.18.0 fixes multiple low-severity denial-of-service hardening issues in CSS selector handling and linkification. These issues are availability concerns. They do not allow script execution, data disclosure, or sanitizer bypass by themselves. Affected versions - justhtml 1.18.0...

5.8AI score
Exploits0References2Affected Software1
redhatcve
redhatcve
added 2026/01/09 9:53 a.m.7 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1CVSS6AI score0.01146EPSS
Exploits0References1
osv
osv
added 2025/04/03 2:9 p.m.4 views

BIT-JOOMLA-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1CVSS9.2AI score0.01146EPSS
Exploits0References2
openvas
openvas
added 2022/07/18 12:0 a.m.13 views

Fedora: Security Advisory for golang-github-andybalholm-cascadia (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3CVSS8.9AI score0.0995EPSS
Exploits4References2
fedora
fedora
added 2022/07/17 1:15 a.m.26 views

[SECURITY] Fedora 35 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc35

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3CVSS8.2AI score0.0995EPSS
Exploits4
fedora
fedora
added 2022/07/04 1:35 a.m.32 views

[SECURITY] Fedora 36 Update: golang-github-andybalholm-cascadia-1.2.0-6.fc36

The Cascadia package implements CSS selectors for use with the parse trees produced by the html package...

9.3CVSS8.2AI score0.0995EPSS
Exploits4
huntr
huntr
added 2022/01/03 2:47 p.m.16 views

in slidevjs/slidev

Description Vulnerability: CSS injection and Limited XSS via postMessage While reading the code, I came across packages/client/iframes/monaco/index.ts file, where a message eventListener is being used. The callback function adds the content of message inside tag. This way, the attacker can post a...

0.6AI score
Exploits0
osv
osv
added 2020/03/16 4:15 p.m.15 views

CVE-2020-10242

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

6.1CVSS5.9AI score
Exploits0References1
prion
prion
added 2020/03/16 4:15 p.m.26 views

Cross site scripting

An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks...

4.3CVSS5.9AI score0.01146EPSS
Exploits0References1Affected Software1
hackerone
hackerone
added 2017/10/12 8:42 p.m.24 views

Avito: CSS injection in avito.ru via IE11

Hi Team Security @avito I discovered CSS Injection on avito.ru in form search via IE11 Description CSS injection vulnerabilities arise when an application imports a style sheet from a user-supplied URL, or embeds user input in CSS blocks without adequate escaping. They are closely related to...

0.5AI score
Exploits0
fedora
fedora
added 2013/12/09 2:0 a.m.23 views

[SECURITY] Fedora 18 Update: php-symfony2-CssSelector-2.2.10-1.fc18

The CssSelector Component converts CSS selectors to XPath expressions...

5CVSS3AI score0.01868EPSS
Exploits0
openvas
openvas
added 2010/07/30 12:0 a.m.49 views

Ubuntu Update for thunderbird vulnerabilities USN-958-1

Ubuntu Update for Linux kernel vulnerabilities USN-958-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9581.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for thunderbird vulnerabilities USN-958-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

9.3CVSS1AI score0.43382EPSS
Exploits17References2
nessus
nessus
added 2010/07/27 12:0 a.m.61 views

Ubuntu 10.04 LTS : thunderbird vulnerabilities (USN-958-1)

Several flaws were discovered in the browser engine of Thunderbird. If a user were tricked into viewing malicious content, a remote attacker could use this to crash Thunderbird or possibly run arbitrary code as the user invoking the program. CVE-2010-1211, CVE-2010-1212 An integer overflow was...

9.8CVSS7.8AI score0.43382EPSS
Exploits17References10
ubuntu
ubuntu
added 2010/07/23 8:48 a.m.101 views

USN-957-1: Firefox and Xulrunner vulnerabilities

Several flaws were discovered in the browser engine of Firefox. If a user were tricked into viewing a malicious site, a remote attacker could use this to crash the browser or possibly run arbitrary code as the user invoking the program. CVE-2010-1208, CVE-2010-1209, CVE-2010-1211, CVE-2010-1212 A...

9.8CVSS7.9AI score0.43382EPSS
Exploits27
nessus
nessus
added 2010/07/22 12:0 a.m.41 views

Firefox 3.6 < 3.6.7 Multiple Vulnerabilities

The installed version of Firefox 3.6.x is earlier than 3.6.7. Such versions are potentially affected by the following security issues : - Multiple memory safety bugs could result in memory corruption, potentially resulting in arbitrary code execution. MFSA 2010-34 - An error in DOM attribute...

9.3CVSS7.7AI score0.09782EPSS
Exploits20References29
Rows per page
Query Builder