CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

28 matches found

Github Security Blog•added 2026/03/17 2:7 p.m.•4 views

Uncontrolled recursion DoS in JustHTML() via deeply nested HTML

Summary justhtml through 1.9.1 allows denial of service via deeply nested HTML. During parsing, JustHTML.init always reaches TreeBuilder.finish, which unconditionally calls populateselectedcontent. That function recursively traverses the DOM via findelements / findelement without a depth bound,...

5.8AI score

Exploits0References3Affected Software1

OSV•added 2026/03/17 2:7 p.m.•3 views

GHSA-V7CF-C9RM-WM3J Uncontrolled recursion DoS in JustHTML() via deeply nested HTML

7.1CVSS5.8AI score

Exploits0References3

CNVD•added 2026/03/12 12:0 a.m.•1 views

OpenClaw Denial of Service Vulnerability (CNVD-2026-13554)

OpenClaw is a gateway tool for network data acquisition. A denial of service vulnerability exists in OpenClaw. An attacker can exploit this vulnerability to crash the gateway process by parsing oversized or deeply nested HTML responses to exhaust memory and trick users into visiting a malicious U...

6.9CVSS5.8AI score0.00194EPSS

Exploits0References1

RedhatCVE•added 2026/03/07 1:44 a.m.•3 views

CVE-2026-28394

OpenClaw versions prior to 2026.2.15 contain a denial of service vulnerability in the webfetch tool that allows attackers to crash the Gateway process through memory exhaustion by parsing oversized or deeply nested HTML responses. Remote attackers can social-engineer users into fetching malicious...

6.9CVSS5.8AI score0.00194EPSS

Exploits0References1

OSV•added 2026/03/05 10:16 p.m.•1 views

CVE-2026-28394

6.5CVSS5.8AI score

Exploits0References3

ATTACKERKB•added 2026/03/05 9:59 p.m.•3 views

CVE-2026-28394

6.9CVSS5.9AI score0.00194EPSS

Exploits0References4

Cvelist•added 2026/03/05 9:59 p.m.•23 views

CVE-2026-28394 OpenClaw < 2026.2.15 - Denial of Service via Unbounded Response Parsing in web_fetch Tool

6.9CVSS0.00194EPSS

Exploits0References3

EUVD•added 2026/03/05 9:59 p.m.•3 views

EUVD-2026-9894

6.9CVSS5.9AI score0.00194EPSS

Exploits0References3

CNNVD•added 2026/03/05 12:0 a.m.•3 views

OpenClaw 安全漏洞

6.9CVSS5.8AI score0.00194EPSS

Exploits0References3

Github Security Blog•added 2026/02/19 7:40 p.m.•5 views

OpenClaw has a Web Fetch DoS via unbounded response parsing

Summary The webfetch tool could be used to crash the OpenClaw Gateway process OOM / resource exhaustion by fetching and attempting to parse attacker-controlled web pages with oversized response bodies or pathological HTML nesting. Affected Packages / Versions - Package: openclaw npm - Affected...

6.9CVSS5.6AI score0.00194EPSS

Exploits0References4Affected Software1

OSV•added 2026/02/19 7:40 p.m.•3 views

GHSA-P536-VVPP-9MC8 OpenClaw has a Web Fetch DoS via unbounded response parsing

6.5CVSS5.6AI score0.00194EPSS

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-0036

Malware in sbrugna...

7.5CVSS8.5AI score0.06773EPSS

Exploits0References22

OSV•added 2025/03/10 8:13 a.m.•7 views

BIT-DJANGO-2024-53907

An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The striptags method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS6.9AI score0.01038EPSS

Exploits0References5

Github Security Blog•added 2024/12/06 12:30 p.m.•21 views

Django denial-of-service in django.utils.html.strip_tags()

7.5CVSS6.5AI score0.01038EPSS

Exploits0References8Affected Software1

OSV•added 2024/12/06 12:15 p.m.•11 views

CVE-2024-53907

7.5CVSS6.5AI score

Exploits0References4

OSV•added 2024/12/04 3:0 p.m.•0 views

UBUNTU-CVE-2024-53907

7.5CVSS7.1AI score0.01038EPSS

Exploits0References4

Snyk•added 2024/12/04 12:0 a.m.•2 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via certain inputs containing large sequences of nested incomplete HTML entities submitted to the striptags function and striptags template filter. An attacker can cause the application to consume excessive resources...

7.5CVSS7.2AI score0.01038EPSS

Exploits0References2

Veracode•added 2023/10/16 6:43 a.m.•5 views

Denial Of Service (DoS)

jtidy is vulnerable to Denial of Service DoS. The vulnerability is due to lack of nesting depth checks in the library, which allows an attacker to cause an application crash through a stack overflow by parsing a deeply nested html string...

7.5CVSS7.3AI score0.00059EPSS

Exploits1References5Affected Software1

OpenVAS•added 2023/08/08 12:0 a.m.•13 views

Debian: Security Advisory (DSA-5471-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.8AI score0.0023EPSS

Exploits1References4

SUSE CVE•added 2023/02/15 4:10 a.m.•1 views

SUSE CVE-2019-14233

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

7.5CVSS9.5AI score0.06773EPSS

Exploits0References8

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by