CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

66 matches found

CNNVD•added 2026/06/08 12:0 a.m.•1 views

HTML Sanitizer 跨站脚本漏洞

HTML Sanitizer is an HTML security filtering component open-sourced by the TYPO3 GitHub Department. Versions of HTML Sanitizer prior to 2.3.2 contained a cross-site scripting vulnerability. This vulnerability stemmed from incorrect encoding of namespace attributes during HTML serialization, which...

5.1CVSS5AI score0.00366EPSS

Exploits0References1

Tenable Nessus•added 2026/05/08 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-43353

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path hcidmadequeuexfer may be invoked for multiple transfers that timeout around the same...

7.8CVSS5.8AI score0.00099EPSS

Exploits0References4

Cvelist•added 2026/05/07 3:47 a.m.•37 views

CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package serializes DocumentType node fields internalSubset, publicId, systemId verbatim without any...

8.7CVSS0.00392EPSS

Exploits0References4

CNNVD•added 2026/05/01 12:0 a.m.•7 views

Mix PHP 代码问题漏洞

Mix PHP is Mix PHP open source a PHP command line mode development framework that supports seamless multi-server ecosystem switching. A code issue vulnerability exists in Mix PHP versions 2.x through 2.2.17 that stems from a session and cache handler call to unserialize on file system data in the...

9.8CVSS5.9AI score0.0038EPSS

Exploits0References1

Snyk•added 2026/01/22 3:46 a.m.•3 views

Allocation of Resources Without Limits or Throttling

Overview seroval is a Stringify JS values Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when serializing objects with very large depth. An attacker can cause resource exhaustion and disrupt service availability by submitting objects with...

8.7CVSS5.5AI score0.00403EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 11:17 a.m.•3 views

CVE-2021-0970

In createFromParcel of GpsNavigationMessage.java, there is a possible Parcel serialization/deserialization mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-1...

7.8CVSS7.7AI score0.00202EPSS

Exploits0References1