Lucene search
K

109 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in the HTML parser in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to bypass XSS protections through a crafted HTML page. Chrome security severity: Medium...

6.1CVSS6.9AI score0.00545EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 2:54 p.m.15 views

SUSE-SU-2026:2079-1 Security update for go1.25-openssl

This update for go1.25-openssl fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool...

7.5CVSS6AI score0.00813EPSS
Exploits0References25
OSV
OSV
added 2026/05/14 10:33 p.m.7 views

SUSE-SU-2026:1861-1 Security update for go1.26

This update for go1.26 fixes the following issues Security issues: - CVE-2026-33811: net: crash when handling long CNAME response bsc1264508. - CVE-2026-33814: net/http: infinite loop in HTTP/2 transport when given bad SETTINGSMAXFRAMESIZE bsc1264506. - CVE-2026-39817: cmd/go: 'go tool pack' does...

7.5CVSS5.8AI score0.00813EPSS
Exploits0References25
NVD
NVD
added 2026/04/23 4:16 p.m.7 views

CVE-2026-41238

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype...

6.9CVSS0.00225EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 2:43 p.m.38 views

CVE-2026-41238 DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype...

6.9CVSS0.00225EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 2:43 p.m.198 views

CVE-2026-41238

DOMPurify is vulnerable to a prototype-pollution-based XSS bypass in versions 3.0.1–3.3.3 when using the default sanitize() config (no CUSTOM_ELEMENT_HANDLING). A polluted Object.prototype can inject permissive tagNameCheck and attributeNameCheck values, allowing arbitrary custom elements with ev...

6.9CVSS5.7AI score0.00225EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 5:31 p.m.10 views

DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback

Summary DOMPurify versions 3.0.1 through 3.3.3 latest are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype pollution gadget can inject permissive tagNameCheck and...

6.9CVSS7.4AI score0.00225EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/01/22 3:31 a.m.6 views

CVE-2026-24037 Horilla HRM has XSS Bypass through Project Name

Horilla is a free and open source Human Resource Management System HRMS. In version 1.4.0, the hasxss function attempts to block XSS by matching input against a set of regex patterns. However, the regexes are incomplete and context-agnostic, making them easy to bypass. Attackers are able to...

4.8CVSS5.4AI score0.00227EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.5 views

MiracleLinux 7 : firefox-68.2.0-1.0.1.el7.AXS7 (AXSA:2019-4378:06)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2019-4378:06 advisory. Mozilla: Memory safety bugs fixed in Firefox 70 and Firefox ESR 68.2 CVE-2019-11764 Mozilla: Use-after-free when creating index updates in IndexedDB...

8.8CVSS7.9AI score0.01799EPSS
Exploits2References9
OSV
OSV
added 2025/10/15 4:52 p.m.5 views

CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...

6.3CVSS7.5AI score0.00409EPSS
Exploits0References4
OSV
OSV
added 2025/10/14 7:49 p.m.3 views

GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...

2.3CVSS7.4AI score0.00387EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2007-4096

Malware in sbrugna...

6.8CVSS6.4AI score0.01081EPSS
Exploits1References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-0498

Malware in sbrugna...

6.1CVSS6.2AI score0.00997EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2015-6119

Malware in sbrugna...

4.3CVSS6.1AI score0.10826EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2005-0649

Malware in sbrugna...

4.3CVSS6.4AI score0.01274EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2016-6075

Malware in sbrugna...

6.1CVSS6.3AI score0.01341EPSS
Exploits1References6
CNNVD
CNNVD
added 2025/07/23 12:0 a.m.5 views

HP Poly Clariti Manager 安全漏洞

HP Poly Clariti Manager is a centralized management, control, and optimization software for video conferencing infrastructure from Hewlett-Packard HP in the United States. A security vulnerability exists in HP Poly Clariti Manager versions prior to 10.12.2 that originates from unverified...

4.8CVSS6AI score0.00184EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/21 8:1 p.m.9 views

CVE-2009-2705

CA SiteMinder allows remote attackers to bypass cross-site scripting XSS protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters...

4.3CVSS6AI score0.04359EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.6 views

Webmin < 2.100 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.100. It is, therefore, affected by multiple vulnerabilities: - A Cross-Site Scripting XSS vulnerability exists in the Users Real name parameter. - A Cross-Site Scripting XSS vulnerability exists in...

6.1CVSS6AI score0.00708EPSS
Exploits9References11
OSV
OSV
added 2025/02/03 3:39 p.m.22 views

GHSA-R57H-547H-W24F PhpSpreadsheet allows bypassing of XSS sanitizer using the javascript protocol and special characters

Product: PhpSpreadsheet Version: 3.8.0 CWE-ID: CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' CVSS vector v.3.1: 5.4 AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS vector v.4.0: 4.8 AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N Description: an attack...

5.4CVSS5.7AI score0.00403EPSS
Exploits0References4
Rows per page
Query Builder