6108 matches found
DOMSanitizer 安全漏洞
DOMSanitizer is a security operation or filter developed by Andy Miller as an individual contributor for the DOM Document Object Model. Versions of DOMSanitizer prior to 1.0.10 contained security vulnerabilities, which were caused by insufficient checks on the content of the style element in SVG...
ROS-20260417-73-0043
Vulnerability in zabbix7.4 related to the provisioning of a data element for an erroneous session. Exploitation of the vulnerability may allow an attacker to escalate his privileges...
ROS-20260417-73-0041
Vulnerability in zabbix7-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
ROS-20260417-73-0040
Vulnerability in zabbix-lts related to providing a data element for an erroneous session. Exploitation of the vulnerability could allow an attacker to escalate his privileges...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007315)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007315 advisory. In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: fix memleak in map from abort path The delete set command does not rely on t...
EUVD-2026-23110
sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements...
sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements
Summary Commit 49d0bb7 introduced a regression in sanitize-html that bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option. Entity-encoded HTML inside these elements passes through the sanitizer as decoded, unescaped HTML, allowing injection of arbitrary...
Operator Precedence Logic Error
Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Operator Precedence Logic Error in the form of short-circuit evaluation that gives precedence to ADDTAGS over FORBIDTAGS in sanitizeElements. In an application where ADDTAG...
Fedora 43 : python-cairosvg (2026-ec61ca906c)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ec61ca906c advisory. Security fix for CVE-2026-31899: https://nvd.nist.gov/vuln/detail/CVE-2026-31899 / https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c...
EUVD-2026-23017
Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged local attacker could have exploited this vulnerability by manipulating the search path used by the...
Cross-site Scripting (XSS)
Overview sanitize-html is a library that allows you to clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis Affected versions of this package are vulnerable to Cross-site Scripting XSS in sanitizeHtml, when entity-encoded text is present...
CVE-2026-40186 ApostropheCMS: sanitize-html allowedTags Bypass via Entity-Decoded Text in nonTextTags Elements
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...
CVE-2026-40186
ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasses allowedTags enforcement for text inside nonTextTagsArray elements textarea and option...
EUVD-2026-22899
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
CVE-2026-40745
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
CVE-2026-40745
The CVE-2026-40745 entry describes an SQL Injection vulnerability in the bdthemes Element Pack Elementor Addons (bdthemes-element-pack-lite) for WordPress, affecting versions up to 8.4.2. The root cause is improper neutralization of special elements used in an SQL command, leading to potential bl...
CVE-2026-40745
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
CVE-2026-40745 WordPress Element Pack Elementor Addons plugin <= 8.4.2 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bdthemes Element Pack Elementor Addons bdthemes-element-pack-lite allows Blind SQL Injection.This issue affects Element Pack Elementor Addons: from n/a through = 8.4.2...
PT-2026-33047
Name of the Vulnerable Software and Affected Versions bdthemes Element Pack Elementor Addons versions prior to 8.4.3 Description Improper neutralization of special elements used in an SQL command allows for Blind SQL Injection. Blind SQL Injection is a technique where an attacker asks the databas...