
2426 matches found

VulnCheck KEV
added 2021/01/21 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2019-11358

jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype...

CVSS 6.1 · AI score 6.8 · EPSS 0.01319
Exploits 4 · References 1

VulnCheck KEV
added 2021/01/21 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2020-11022

In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0...

CVSS 6.9 · AI score 6.7 · EPSS 0.02391
Exploits 7 · References 1

Tenable Nessus
added 2021/01/21 12:0 a.m. · 66 views

Oracle WebCenter Sites (Jan 2021 CPU)

Oracle WebCenter Sites component of Oracle Fusion Middleware is affected by a vulnerability in the jQuery component. Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. Note that...

CVSS 6.9 · AI score 6.8 · EPSS 0.34098
Exploits 11 · References 4

OSV
added 2021/01/19 3:15 p.m. · 3 views

AZL-44430 CVE-2020-28481 affecting package js-jquery 3.5.0-4

The package socket.io before 2.4.0 is vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default...

CVSS 4.3 · AI score 5.8 · EPSS 0.00183
Exploits 1 · References 1

Prion
added 2021/01/14 4:15 p.m. · 12 views

Design/Logic Flaw

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

CVSS 3.5 · AI score 5.5 · EPSS 0.00206
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2021/01/14 3:7 p.m. · 8 views

CVE-2020-29587

SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html function to directly...

AI score 5.5 · EPSS 0.00206
Exploits 1 · References 1

Veracode
added 2021/01/14 5:32 a.m. · 33 views

Regular Expression Denial Of Service (ReDoS)

jquery-validation is vulnerable to regular expression denial of service. An insecure use of a regular expression to parse URLs allows an attacker to cause a denial of service condition via a malicious URL...

CVSS 7.5 · AI score 5.4 · EPSS 0.00667
Exploits 0 · References 9 · Affected Software 3

OSV
added 2021/01/13 7:15 p.m. · 22 views

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 7.4
Exploits 0 · References 6

NVD
added 2021/01/13 7:15 p.m. · 14 views

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 6.1 · EPSS 0.00667
Exploits 0 · References 6

OSV
added 2021/01/13 7:15 p.m. · 2 views

DEBIAN-CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 5.5 · EPSS 0.00667
Exploits 0 · References 1

UbuntuCve
added 2021/01/13 7:15 p.m. · 25 views

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 6.3 · EPSS 0.00667
Exploits 0 · References 3

OSV
added 2021/01/13 7:15 p.m. · 1 views

UBUNTU-CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 6.1 · EPSS 0.00667
Exploits 0 · References 4

Prion
added 2021/01/13 7:15 p.m. · 13 views

Input validation

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 5 · AI score 7.4 · EPSS 0.00667
Exploits 0 · References 6 · Affected Software 1

OSV
added 2021/01/13 6:21 p.m. · 1 views

GHSA-JXWX-85VP-GVWM Regular Expression Denial of Service in jquery-validation

The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This issue was discovered and reported by GitHub team member @erik-krogh Erik...

CVSS 7.5 · AI score 5.9 · EPSS 0.00667
Exploits 0 · References 11

Github Security Blog
added 2021/01/13 6:21 p.m. · 128 views

Regular Expression Denial of Service in jquery-validation

The GitHub Security Lab team has identified potential security vulnerabilities in jquery.validation. The project contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This issue was discovered and reported by GitHub team member @erik-krogh Erik...

CVSS 7.5 · AI score 2.8 · EPSS 0.00667
Exploits 0 · References 11 · Affected Software 2

vulnersOsv
added 2021/01/13 6:21 p.m. · 2 views

@dmrvos/infrajs (>=0.0.4 <=0.0.8), @marjose/jstoolkit (>=0.0.2 <=1.0.0-beta) +10 more potentially affected by CVE-2021-21252 via jquery-validation (>=1.14.0 <=1.19.1)

jquery-validation NPM version =1.14.0, =0.0.4, =0.0.2, =0.2.2, =3.0.0, =0.11.28, =0.0.8, =1.4.0, =1.0.0, =3.0.0-prerelease.20170216T120000Z, =1.0.0, =1.0.6 - webpack-symfony-builder =1.0.0 Source cves: CVE-2021-21252 Source advisory: OSV:GHSA-JXWX-85VP-GVWM...

CVSS 7.5 · AI score 6.1 · EPSS 0.00667
Exploits 0

Positive Technologies
added 2021/01/13 12:0 a.m. · 3 views

PT-2021-14362 · Jquery +1 · Jquery-Validation +1

Name of the Vulnerable Software and Affected Versions: jquery-validation versions prior to 1.19.3 Description: The issue concerns the jQuery Validation Plugin, which provides drop-in validation for existing forms. It contains one or more regular expressions that are vulnerable to ReDoS Regular...

CVSS 9.8 · AI score 7.1 · EPSS 0.34098
Exploits 18 · References 85

Debian CVE
added 2021/01/13 12:0 a.m. · 25 views

CVE-2021-21252

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 7.5 · AI score 5.2 · EPSS 0.00667
Exploits 0

CNNVD
added 2021/01/13 12:0 a.m. · 3 views

jQuery Resource Management Error Vulnerability

jQuery is an open source, cross-browser JavaScript library developed by John Resig, an individual developer in the United States. The library simplifies the operation between HTML and JavaScript, and features modularity, plug-in extensions, and more. A resource management error vulnerability exists in...

CVSS 7.5 · AI score 6.1 · EPSS 0.00667
Exploits 0 · References 9

Cvelist
added 2021/01/13 12:0 a.m. · 16 views

CVE-2021-21252 Regular expression denial of service in jquery-validation

The jQuery Validation Plugin provides drop-in validation for your existing forms. It is published as an npm package "jquery-validation". jquery-validation before version 1.19.3 contains one or more regular expressions that are vulnerable to ReDoS (Regular Expression Denial of Service). This is fixe...

CVSS 5.3 · AI score 7.7 · EPSS 0.00667
Exploits 0 · References 6