Lucene search
+L

3523 matches found

nvd
nvd
added yesterday7 views

CVE-2026-57074

XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parsercparse function attempts to check for multicharacter strings such as "" without checking that the offsets are within the buffer. Truncated strings such as "a/" can trigger an out-of-bounds read...

Exploits0References3
rocky
rocky
added yesterday5 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00629EPSS
Exploits0
rocky
rocky
added 2 days ago6 views

perl-XML-LibXML security update

An update is available for perl-XML-LibXML. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This module implements a Perl interface to the GNOME libxml2 library...

7.5CVSS6.1AI score0.00629EPSS
Exploits0
redhat
redhat
added 2 days ago5 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
osv
osv
added 2 days ago3 views

RLSA-2026:39183 Important: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References2
osv
osv
added 2 days ago3 views

RLSA-2026:39320 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References2
redhat
redhat
added 2 days ago4 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
cvelist
cvelist
added 3 days ago36 views

CVE-2026-15778

Insufficient validation of untrusted input in Navigation in Google Chrome prior to 150.0.7871.125 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Medium...

0.00263EPSS
Exploits0References2
cvelist
cvelist
added 3 days ago31 views

CVE-2026-49458 DOMPurify: Cross-realm IN_PLACE sanitization leaves executable markup intact via realm-bound `instanceof` checks

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizenode, INPLACE: true accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, documen...

6.1CVSS0.00288EPSS
Exploits0References3
cve
cve
added 3 days ago6 views

CVE-2026-57097

CVE-2026-57097 describes an Untrusted search path in Microsoft XML that allows a physical attacker to bypass a security feature. Affects Microsoft XML; impact is described as high for confidentiality, integrity, and availability with a physical attack requiring no user interaction. No exploit det...

6.4CVSS6.1AI score0.00248EPSS
Exploits0References1
redhat
redhat
added 3 days ago6 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
osv
osv
added 3 days ago2 views

SUSE-SU-2026:2950-1 Security update for perl-HTML-Parser

This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...

7.5CVSS6.1AI score0.0031EPSS
Exploits0References3
euvd
euvd
added 4 days ago8 views

EUVD-2026-43288

The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...

4.3CVSS6.2AI score0.0017EPSS
Exploits0References2
cve
cve
added 4 days ago10 views

CVE-2026-12273

The CVE-2026-12273 entry concerns Tutor LMS for WordPress (MITRE CVE-2026-12273). Affected component: Tutor LMS WordPress plugin prior to version 3.9.13. Description details a lack of authorization checks and post-target validation in a comment-creation handler, resulting in pre-approved comments...

4.3CVSS6.2AI score0.0017EPSS
Exploits0References1
susecve
susecve
added 6 days ago4 views

SUSE CVE-2026-15308

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

7.5CVSS6.1AI score0.00553EPSS
Exploits0References5
fedora
fedora
added 6 days ago6 views

[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44

Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...

9.8CVSS6.1AI score0.00663EPSS
Exploits0
osv
osv
added last week3 views

CVE-2026-54714 Logto: XSS via unescaped RelayState in SAML auto-submit form

Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...

6.1CVSS6.1AI score0.00253EPSS
Exploits0References6
cve
cve
added last week10 views

CVE-2026-55466

CVE-2026-55466 (Snipe-IT) is a stored XSS vulnerability in the UploadFileRequest path before version 8.6.2. The sanitizer only processes SVG content when PHP finfo reports image/svg+xml, and UploadedFilesController serves attachments inline without StorageHelper::allowSafeInline(), enabling a low...

8.7CVSS6.1AI score0.00316EPSS
Exploits1References3Affected Software1
redhat
redhat
added last week4 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
redhat
redhat
added last week4 views

python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations

A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...

8.7CVSS6AI score0.00553EPSS
Exploits0References11
Rows per page
Query Builder