Lucene search
K

267 matches found

RedhatCVE
RedhatCVE
added 2026/06/22 12:18 p.m.8 views

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model DOM to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting XSS attacks, enabling the attack...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/12 8:34 p.m.15 views

CVE-2026-42567

A flaw was found in Svelte, a web framework. An internal regular expression regex in the Svelte runtime, specifically when processing , can be exploited by a remote attacker. By providing specially crafted input, an attacker can cause the regex to take an exponential amount of time to process,...

7.5CVSS5.4AI score0.00421EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 p.m.11 views

CVE-2026-42570

A flaw was found in devalue, a JavaScript library used for serializing values. Due to quirks in some JavaScript engines, the devalue.parse function could be exploited by a remote attacker when deserializing specially crafted sparse arrays. This could lead to excessive memory consumption, resultin...

7.5CVSS5.4AI score0.00393EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/10 3:1 p.m.14 views

CVE-2026-42599

A flaw was found in Svelte. When an application uses spread syntax to render attributes from untrusted data, event handler properties are included in the generated HTML output. This allows a remote attacker to inject malicious event handlers that can execute in a victim's web browser, leading to...

6.1CVSS5.4AI score0.00168EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-42567

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

7.5CVSS0.00421EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-42573

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

8.1CVSS0.00319EPSS
Exploits0References5
NVD
NVD
added 2026/06/09 5:17 p.m.11 views

CVE-2026-42599

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

6.1CVSS0.00168EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 5:17 p.m.13 views

CVE-2026-42570

Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when...

7.5CVSS0.00393EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/09 4:22 p.m.31 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

5CVSS0.00168EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42599 Cross-site scripting via spread attributes in Svelte SSR

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

5CVSS5.5AI score0.00168EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:22 p.m.11 views

EUVD-2026-35703

Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an...

5CVSS5.5AI score0.00168EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:22 p.m.45 views

CVE-2026-42599

CVE-2026-42599 affects Svelte SSR. Prior to version 5.55.7, using spread syntax to render attributes from untrusted data may include event handler properties in the rendered HTML, enabling attackers to inject malicious event handlers that run in victims’ browsers if JavaScript is enabled and hydr...

6.1CVSS5.5AI score0.00168EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/09 4:22 p.m.21 views

CVE-2026-42567

CVE-2026-42567 affects Svelte runtimes from 5.51.5 up to 5.55.6, where an internal regex used during svelte:element tag validation can cause exponential-time processing (ReDoS) on certain tag names. The issue is triggered during the validation of , leading to significant CPU usage and potential...

7.5CVSS5.3AI score0.00421EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/09 4:22 p.m.29 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS0.00421EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:22 p.m.10 views

EUVD-2026-35702

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS5.3AI score0.00421EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/09 4:22 p.m.9 views

CVE-2026-42567 Svelte: ReDoS in `<svelte:element>` Tag Validation

Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in . This issue has been patched in version 5.55.7...

5.9CVSS5.4AI score0.00421EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/09 4:21 p.m.31 views

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:21 p.m.11 views

EUVD-2026-35701

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS5.3AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:21 p.m.20 views

CVE-2026-42573

CVE-2026-42573 (Svelte) describes a DOM clobbering vulnerability in Svelte prior to version 5.55.7, where internal framework state can be overwritten on elements, potentially enabling Cross-Site Scripting (XSS). The issue has been fixed in 5.55.7. Affected scope : Svelte versions before 5.55.7 (a...

8.1CVSS5.3AI score0.00319EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/09 4:21 p.m.58 views

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS5.3AI score0.00319EPSS
Exploits0References2
Rows per page
Query Builder