14 matches found
CVE-2025-15022
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
EUVD-2026-0820
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting XSS if caption content is derived from user input. In Vaadin Framework 7 and 8, the Action class is a general-purpose class that may be used by multiple components. The fixed version...
Cross-site scripting in Action caption
Action captions in Vaadin accept HTML by default but were not sanitized, potentially allowing Cross-site Scripting (XSS) if caption content is derived from user input. See CWE-79: Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting"). Description: In Vaadin Framework 7 and 8...
EUVD-2014-2159
Malware in sbrugna...
Linux kernel security vulnerability
Linux kernel is the kernel of Linux, the open-source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to use safe list iterators, which could lead to a use-after-free...
EUVD-2022-6828
Malicious code in bioql PyPI...
jsoup may not sanitize Cross-Site Scripting (XSS) attempts if SafeList.preserveRelativeLinks is enabled
...
ROS-20240826-07
A vulnerability in the SafeList.preserveRelativeLinks parameter of jsoup, a Java library for parsing, extracting, and manipulating data from HTML documents, is related to a failure to take measures to protect the structure of a web page. Exploitation of the vulnerability could allow an attacker to...
RHEL 7 : jsoup (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714) - jsoup: The jso...
jsoup may not sanitize code injection XSS attempts if SafeList.preserveRelativeLinks is enabled
jsoup may incorrectly sanitize HTML including javascript: URL expressions, which could allow cross-site scripting (XSS) attacks when a reader subsequently clicks that link. If the non-default SafeList.preserveRelativeLinks option is enabled, HTML including javascript: URLs that have been crafted wi...
Cross-site Scripting (XSS)
jsoup is vulnerable to cross-site scripting. The vulnerability exists in the resolve function in StringUtil.java because the jsoup cleaner does not properly sanitize URLs when SafeList.preserveRelativeLinks is enabled, which allows an attacker to inject and execute arbitrary JavaScript...
Ruby on Rails: ReDoS (Rails::Html::PermitScrubber.scrub_attribute)
I have confirmed that ReDoS occurs on Rails::Html::PermitScrubber.scrub_attribute. https://github.com/rails/rails-html-sanitizer/blob/v1.4.3/lib/rails/html/scrubbers.rb#L134 (ruby) `def scrub_attribute(node, attr_node) attr_name = if attr_node.namespace "#{attr_node.namespace.prefix}:#{attr_node.node_name}" else`...
Cisco AsyncOS for Email Security Appliances Software Remote Code Execution (CSCug79377)
According to its self-reported version and configuration, the Cisco AsyncOS running on the remote Cisco Email Security Appliance (ESA) is affected by a remote code execution vulnerability in the Safelist/Blocklist (SLBL) function due to improper handling of SLBL database files. An authenticated, remo...
Cisco AsyncOS for Content Security Management Appliances Software Remote Code Execution (CSCug80118)
According to its self-reported version, the version of Cisco Content Security Management Appliance running on the remote host is affected by a remote code execution vulnerability due to a flaw in Cisco AsyncOS. An authenticated attacker could potentially exploit this vulnerability to execute...