Lucene search
K

9 matches found

Snyk
Snyk
added 2026/04/22 9:25 p.m.6 views

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...

7.7CVSS5.8AI score
Exploits0References5
OSV
OSV
added 2026/04/22 9:25 p.m.7 views

GHSA-VRX2-77F2-WW34 justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

6CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 9:25 p.m.8 views

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

5.8AI score
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/10 7:20 p.m.3 views

GHSA-C9VM-HV86-F23R justhtml includes multiple security fixes

Summary justhtml 1.15.0 includes multiple security fixes affecting URL sanitization helpers, HTML serialization, Markdown passthrough, and several custom sanitization-policy edge cases. These issues have different impact levels and do not all affect the default configuration in the same way...

5.9AI score
Exploits0References4
Rapid7 Blog
Rapid7 Blog
added 2023/06/29 1:0 p.m.92 views

What’s New in InsightVM and Nexpose: Q2 2023 in Review

The past few weeks have been extraordinary for the global threat landscape with zero-day vulnerabilities like MOVEit CVE-2023-34362 and Barracuda’s Email Security Gateway ESG CVE-2023-2868. Rapid7’s security research team was one of the first to detect exploitation of Progress Software’s MOVEit...

7.5CVSS9.5AI score0.99999EPSS
Exploits60
ATTACKERKB
ATTACKERKB
added 2022/08/24 8:45 p.m.4 views

CVE-2022-27558

HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking...

7.5CVSS5.9AI score0.00491EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/06/17 1:11 a.m.19 views

Path traversal for local publishers in TechDocs backend

Impact A malicious actor with the ability to register entities in the Software Catalog is able to write files to arbitrary paths on the techdocs backend host instance when techdocs.publisher.type is set to local. This vulnerability is mitigated by the fact that the Software Catalog must be...

1.1AI score
Exploits0References3Affected Software2
NVD
NVD
added 2014/01/10 4:47 p.m.20 views

CVE-2013-5010

The Application/Device Control ADC component in the client in Symantec Endpoint Protection SEP 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended...

4.6CVSS6AI score0.00347EPSS
Exploits0References3
Cvelist
Cvelist
added 2014/01/10 4:0 p.m.30 views

CVE-2013-5010

The Application/Device Control ADC component in the client in Symantec Endpoint Protection SEP 11.x before 11.0.7.4 and 12.x before 12.1.2 RU2 and Endpoint Protection Small Business Edition 12.x before 12.1.2 RU2 does not properly handle custom polices, which allows local users to bypass intended...

6AI score0.00347EPSS
Exploits0References3
Rows per page
Query Builder