20 matches found
OPENSUSE-SU-2026:20345-1 Security update for python-lxml_html_clean
This update for python-lxmlhtmlclean fixes the following issues: Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack of base tag handling can allow the hijacking of the resolution of relative URLs bsc125937...
SUSE CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
Linux Distros Unpatched Vulnerability : CVE-2026-28350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner...
EUVD-2026-9511
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing...
DEBIAN-CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
UBUNTU-CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350
CVE-2026-28350 affects the python-lxml_html_clean project. Prior to version 0.4.4, the tag bypassed the default Cleaner configuration, and although page_structure=True removes html, head, and title, there was no specific handling for , allowing an attacker to hijack relative links on the page. T...
CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
CVE-2026-28350 lxml_html_clean: <base> tag injection through default Cleaner configuration
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
lxml_html_clean 安全漏洞
lxmlhtmlclean is a separate project derived from lxml.HTML.clean, open sourced by the Fedora Python SIG. Versions of lxmlhtmlclean prior to 0.4.4 contained security vulnerabilities. These vulnerabilities stemmed from the base tag being used with the default Cleaner configuration, which could allo...
Improper Encoding or Escaping of Output
Overview lxml-html-clean is a HTML cleaner from lxml project Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the default Cleaner configuration due to the incomplete pagestructure kill set that does not account for tags outside tags. An attacker can...
GHSA-XVP8-3MHV-424C lxml-html-clean has <base> tag injection through default Cleaner configuration
Summary The tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inject it and hijack relative links on the page. Details The tag is not currently in the pagestructure kill se...
lxml-html-clean has <base> tag injection through default Cleaner configuration
Summary The tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inject it and hijack relative links on the page. Details The tag is not currently in the pagestructure kill se...
PT-2026-22701
Name of the Vulnerable Software and Affected Versions lxml html clean versions prior to 0.4.4 Description The software does not properly handle the tag during HTML cleaning. Specifically, the tag is not removed even when page structure=True, which removes html, head, and title tags. This allows a...
CVE-2022-50306 ext4: fix potential out of bound read in ext4_fc_replay_scan()
In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential out of bound read in ext4fcreplayscan For scan loop must ensure that at least EXT4FCTAGBASELEN space. If remain space less than EXT4FCTAGBASELEN which will lead to out of bound read when mounting corrupt file...
Hackers Found Using A New Way to Bypass Microsoft Office 365 Safe Links
Security researchers revealed a way around that some hacking groups have been found using in the wild to bypass a security feature of Microsoft Office 365, which is originally designed to protect users from malware and phishing attacks. Dubbed Safe Links, the feature has been included in Office 3...