
23 matches found

ATTACKERKB
added yesterday, 2 views

CVE-2026-50556

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.0-rc.2, 21.2.16, 20.3.24, and 19.2.25, a Cross-Site Scripting (XSS) vulnerability exists in @angular/platform-server's DOM emulation dependency domino wh...

8.6 CVSS, 5.8 AI score, 0.00062 EPSS
Exploits: 0, References: 4, Affected Software: 1
Github Security Blog
added 2026/06/12 7:6 p.m., 9 views

TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 4.9 AI score, 0.00282 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2026/06/12 7:6 p.m., 9 views

GHSA-JVF5-RXVV-3MCG TYPO3 HTML Sanitizer allows Cross-site Scripting

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 5 AI score, 0.00282 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2026/06/10 12:0 a.m., 9 views

PT-2026-48393

The MW WP Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'memo' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access and above,...

4.4 CVSS, 5.7 AI score, 0.00203 EPSS
Exploits: 0, References: 7
RedhatCVE
added 2026/06/09 8:59 p.m., 8 views

CVE-2026-47344

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 5.2 AI score, 0.00282 EPSS
Exploits: 0, References: 1
NVD
added 2026/06/08 8:17 p.m., 10 views

CVE-2026-47344

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 0.00282 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2026/06/08 7:3 p.m., 7 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 5.2 AI score, 0.00282 EPSS
Exploits: 0, References: 2
Cvelist
added 2026/06/08 7:3 p.m., 32 views

CVE-2026-47344 TYPO3 HTML Sanitizer allows Cross-Site Scripting

When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags e.g., are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content to escape sanitization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitiz...

2.1 CVSS, 0.00282 EPSS
Exploits: 0, References: 2
CVE
added 2026/06/08 7:3 p.m., 20 views

CVE-2026-47344

TYPO3 HTML Sanitizer (typo3/html-sanitizer) vulnerability CVE-2026-47344 affects versions before 2.3.2. When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., ) are not recognized by the sanitizer but browsers accept them as valid end tags, allowing subsequent content to ...

2.1 CVSS, 5.2 AI score, 0.00282 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/06/08 12:0 a.m., 7 views

PT-2026-47448

Name of the Vulnerable Software and Affected Versions: typo3/html-sanitizer versions prior to 2.3.2. Description: When the ALLOW_INSECURE_RAW_TEXT setting is enabled, the sanitizer fails to recognize closing tags containing whitespace variants, such as . Because browsers interpret these as valid end...

2.1 CVSS, 4.9 AI score, 0.00282 EPSS
Exploits: 0, References: 9
CNNVD
added 2026/06/08 12:0 a.m., 9 views

HTMLSanitizer Cross-Site Scripting Vulnerability

HTMLSanitizer is an HTML formatting software open source by JuliaHub. Versions of HTMLSanitizer prior to 2.3.2 had a cross-site scripting vulnerability. This vulnerability occurred when ALLOW_INSECURE_RAW_TEXT was enabled, resulting in blank variant closing tags being ignored, which could lead to...

2.1 CVSS, 4.9 AI score, 0.00282 EPSS
Exploits: 0, References: 1
EUVD
added 2026/04/24 4:57 p.m., 2 views

EUVD-2026-25573

Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex //g to sanitize values injected into inline tags via the define:vars directive. HTML parsers close elements case-insensitively and also accept whitespace o...

6.1 CVSS, 5.5 AI score, 0.00189 EPSS
Exploits: 1, References: 1
IBM Security Bulletins
added 2025/12/10 1:54 p.m., 7 views

Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing (CVE-2025-22872).

Summary: A vulnerability in Go affects IBM Robotic Process Automation for Cloud Pak and may result in tags incorrectly marked as self-closing. Go is used by IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes required to resolve the...

6.5 CVSS, 7.2 AI score, 0.0045 EPSS
Exploits: 0, Affected Software: 1
Amazon
added 2025/06/02 12:0 a.m., 10 views

Important: runfinch-finch

Issue Overview: The net/http package accepted data in the chunked transfer encoding containing an invalid chunk-size line terminated by a bare LF. When used in conjunction with a server or proxy which incorrectly interprets a bare LF in a chunk extension as part of the extension, this could permi...

9.1 CVSS, 7.6 AI score, 0.00682 EPSS
Exploits: 0
NVD
added 2025/04/16 6:16 p.m., 7 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5 CVSS, 0.0045 EPSS
Exploits: 0, References: 5
OSV
added 2025/04/16 6:16 p.m., 8 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.6 AI score
Exploits: 0, References: 5
CVE
added 2025/04/16 5:13 p.m., 269 views

CVE-2025-22872

CVE-2025-22872 involves the HTML tokenizer and related parsing logic where unquoted attribute values ending with a slash (/) are misinterpreted as self-closing tags. This only affects tags in foreign content (e.g., , ) and can cause incorrect DOM scope during parsing when using the Tokenizer dire...

6.5 CVSS, 6.5 AI score, 0.0045 EPSS
Exploits: 0, References: 5
Debian CVE
added 2025/04/16 5:13 p.m., 12 views

CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5 CVSS, 7.1 AI score, 0.0045 EPSS
Exploits: 0
Cvelist
added 2025/04/16 5:13 p.m., 13 views

CVE-2025-22872 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

0.0045 EPSS
Exploits: 0, References: 4
OSV
added 2025/04/16 4:54 p.m., 53 views

GO-2025-3595 Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

6.5 CVSS, 6.7 AI score, 0.0045 EPSS
Exploits: 0, References: 3