Lucene search
K

7 matches found

Tenable Nessus
Tenable Nessus
added 2026/03/13 12:0 a.m.3 views

openSUSE 16 Security Update : python-lxml_html_clean (openSUSE-SU-2026:20345-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20345-1 advisory. Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack o...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/03/12 12:0 a.m.7 views

Fedora 42 : python-lxml-html-clean (2026-154efc6066)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-154efc6066 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...

6.1CVSS5.9AI score0.00254EPSS
Exploits2References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/03/11 12:0 a.m.5 views

python311-lxml_html_clean-0.4.4-1.1 on GA media (moderate)

python311-lxmlhtmlclean-0.4.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10322-1 Rating: moderate Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues...

6.1CVSS5.8AI score0.00254EPSS
Exploits2
OSV
OSV
added 2026/03/05 7:49 p.m.2 views

CVE-2026-28348 lxml_html_clean: CSS @import Filter Bypass via Unicode Escapes

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.7AI score0.00228EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2026/03/05 7:49 p.m.5 views

CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

6.1CVSS5.1AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/02 7:19 p.m.5 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: OSV:GHSA-HW26-MMPG-FQFG...

6.1CVSS5.4AI score0.00228EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2026/03/02 7:19 p.m.6 views

ailingo (>=0.2.0 <=0.4.0), async-scrape (>=0.1.19 <=0.1.20) +30 more potentially affected by CVE-2026-28348 via lxml-html-clean (>=0.1.0 <=0.4.3)

lxml-html-clean PYPI version =0.1.0, =0.2.0, =0.1.19, =0.3.1, =0.0.550, =0.1.0, =0.0.7, =0.2.0, =2.2.16, =0.9.0, =0.0.9, =0.6.0, =0.2.0, =0.2.3 and more Source cves: CVE-2026-28348 Source advisory: SNYK:PYTHON-LXMLHTMLCLEAN-15369490...

6.1CVSS5.4AI score0.00228EPSS
Exploits1
Rows per page
Query Builder