CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

GHSA-5PV5-XH52-HVRP uutils coreutils has an Incorrect Short Circuit Evaluation Issue

A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw prevents the utility from performing proper short-circuiting for logical OR | and AND & operation...

DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

CVE-2026-35378

CVE-2026-35378 affects the expr utility in uutils coreutils. A logic error causes evaluation of parenthesized subexpressions during parsing instead of execution, preventing proper short-circuiting for OR/AND. Consequently, arithmetic errors (e.g., division by zero) in dead branches are raised as ...

PT-2026-34604

Name of the Vulnerable Software and Affected Versions DOMPurify versions prior to 3.4.0 Description An inconsistency exists between the handling of FORBID TAGS and FORBID ATTR when a function-based ADD TAGS configuration is used. Specifically, when the EXTRA ELEMENT HANDLING.tagCheck function...

GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...

DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation

Summary In src/purify.ts:1117-1123, ADDTAGS as a function via EXTRAELEMENTHANDLING.tagCheck bypasses FORBIDTAGS due to short-circuit evaluation. The condition: !tagChecktagName && !ALLOWEDTAGStagName || FORBIDTAGStagName When tagChecktagName returns true, the entire condition is false and the...

CVE-2026-23293

CVE-2026-23293 affects the Linux kernel net/vxlan code. Root cause: when IPv6 is disabled (ipv6.disable=1), nd_tbl is not initialized, leading to a NULL pointer dereference in neigh_lookup() invoked by route_shortcircuit() when an IPv6 packet is injected. Impact is local: a crafted, locally deliv...

CVE-2026-22043 RustFS has IAM deny_only Short-Circuit that Allows Privilege Escalation via Service Account Minting

RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed denyonly short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privilege...

PT-2026-2144

Name of the Vulnerable Software and Affected Versions RustFS versions 1.0.0-alpha.13 through 1.0.0-alpha.78 Description RustFS is a distributed object storage system built in Rust. A flaw in the deny only short-circuit within RustFS IAM allows a restricted service account or STS credential to...

PT-2025-38261

Name of the Vulnerable Software and Affected Versions Dragonfly versions prior to 2.1.0 Description The access control mechanism for the Proxy feature uses simple string comparisons and is vulnerable to timing attacks. An attacker may attempt to guess the password character by character by sendin...

SUSE CVE-2010-3315

authz.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x before 1.5.8 and 1.6.x before 1.6.13, when SVNPathAuthz shortcircuit is enabled, does not properly handle a named repository as a rule scope, which allows remote authenticated users to bypass...

SUSE CVE-2011-1783

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...

GHSA-8R28-R8CP-G6CP Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...

Rockwell Automation 1769-16pt 24Vdc Source Output w/Electronic Short Ckt. Protection/A 1769-OB16P/A General Purpose Discrete I/O

Binary data 752537.prm...

Apache Hadoop Information Disclosure Vulnerability

Apache Hadoop is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:hadoop"...

Information disclosure

This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2 in the short-circuit reads feature of HDFS. A local user on an HDFS DataNode may be able to craft a block token that grants unauthorized read access to random files by guessing certain fields in t...

Page load short-circuit can lead to XSS — Mozilla

Security researchers Jordi Chancel and Eddy Bordi reported that they could short-circuit page loads to show the address of a different site than what is loaded in the window in the addressbar. Security researcher Chris McGowen independently reported the same flaw, and further demonstrated that th...

(mod_dav_svn): DoS (excessive memory use) when configured to provide path-based access control

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is enabled, allows remote attackers to cause a denial of service infinite loop and memory consumption in opportunistic circumstances by...

(mod_dav_svn): File contents disclosure of files configured to be unreadable by those users

The moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion 1.5.x and 1.6.x before 1.6.17, when the SVNPathAuthz shortcircuit option is disabled, does not properly enforce permissions for files that had been publicly readable in the past, which allows remote attackers to...