
21 matches found

Vulnrichment
added 2026/05/06 6:12 p.m. | 2 views

CVE-2026-7907

Use after free in DOM in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...

6.2 AI score | 0.0008 EPSS
Exploits: 0 | References: 2
Kaspersky
added 2026/05/05 12:0 a.m. | 8 views

KLA91026 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, execute arbitrary code, obtain sensitive information. Below is a complete list of vulnerabilities: 1. A remote code execution...

8.8 CVSS | 6.6 AI score | 0.00068 EPSS
Exploits: 0 | References: 3
Github Security Blog
added 2026/04/22 9:25 p.m. | 2 views

justhtml has sanitization bypass in custom policies and programmatic DOM

Summary justhtml 1.17.0 fixes multiple security issues in sanitization, serialization, and programmatic DOM handling. Most of these issues affected advanced or custom configurations rather than the default safe path. Affected versions - justhtml , MathML , SVG / , and MathML text integration poin...

5.8 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/26 12:52 p.m. | 0 views

CVE-2025-55273 HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability

HCL Aftermarket DPC is affected by Cross Domain Script Include vulnerability where an attacker using external scripts can tamper with the DOM, altering the content or behavior of the application. Malicious scripts can steal cookies or session tokens, leading to session hijacking...

4.3 CVSS | 5.8 AI score | 0.00013 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2026/03/02 5:58 a.m. | 1 views

firefox: thunderbird: Mitigation bypass in the DOM: HTML Parser component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Mitigation bypass in the DOM: HTML Parser component...

9.8 CVSS | 5.7 AI score | 0.00028 EPSS
Exploits: 0 | References: 6
RedHat Linux
added 2026/03/02 5:44 a.m. | 0 views

firefox: thunderbird: Undefined behavior in the DOM: Core & HTML component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Undefined behavior in the DOM: Core & HTML component...

9.8 CVSS | 5.7 AI score | 0.00029 EPSS
Exploits: 0 | References: 6
ATTACKERKB
added 2026/02/24 1:33 p.m. | 4 views

CVE-2026-2805

Invalid pointer in the DOM: Core & HTML component. This vulnerability affects Firefox 148 and Thunderbird 148...

9.8 CVSS | 5.3 AI score | 0.00023 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2026/01/28 10:54 a.m. | 4 views

cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service

A flaw was found in cpython. This vulnerability allows impacted availability via a quadratic algorithm in xml.dom.minidom methods, such as appendChild, when building excessively nested documents due to a dependency on clearidcache...

6.3 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 6
OSV
added 2025/12/16 4:16 p.m. | 1 views

CVE-2025-68166

In JetBrains TeamCity before 2025.11 a DOM-based XSS was possible on the OAuth connections tab...

6.1 CVSS | 5.8 AI score | 0.0014 EPSS
Exploits: 0 | References: 1
AlmaLinux
added 2025/11/20 12:0 a.m. | 2 views

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: Mitigation bypass in the DOM: Security component CVE-2025-13018 firefox: Use-after-free in the Audio/Video component CVE-2025-13014 firefox: Incorrect boundary conditions in the JavaScript: WebAssembly compone...

8.8 CVSS | 6.8 AI score | 0.00067 EPSS
Exploits: 0 | References: 20
OSV
added 2025/11/17 10:14 p.m. | 2 views

MGASA-2025-0300 Updated firefox packages fix security vulnerabilities

Race condition in the Graphics component. CVE-2025-13012 Mitigation bypass in the DOM: Core & HTML component. CVE-2025-13013 CVE-2025-13014: Use-after-free in the Audio/Video component. CVE-2025-13014 Spoofing issue in Firefox. CVE-2025-13015 Incorrect boundary conditions in the JavaScript:...

8.8 CVSS | 6.9 AI score | 0.00067 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2025/11/13 12:21 p.m. | 2 views

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

8.8 CVSS | 7.5 AI score | 0.00067 EPSS
Exploits: 0 | References: 10
Mozilla
added 2025/11/11 12:0 a.m. | 7 views

Security Vulnerabilities fixed in Firefox ESR 115.30 — Mozilla

CVE-2025-13012: Race condition in the Graphics component Reporter Irvan Kurniawan Impact high References Bug 1991458 CVE-2025-13013: Mitigation bypass in the DOM: Core & HTML component Reporter Masato Kinugawa Impact moderate References Bug 1991945 CVE-2025-13014: Use-after-free in the Audio/Vide...

8.8 CVSS | 6.7 AI score | 0.00067 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2025/06/23 2:24 p.m. | 1 views

CLSA-2025-1750688636 gcc: Fix of CVE-2020-11023

CVE-2020-11023: sanitize HTML content passed to DOM manipulation methods to prevent execution of untrusted code...

6.9 CVSS | 6.9 AI score | 0.3466 EPSS
Exploits: 6 | References: 1
OSV
added 2025/05/09 12:43 p.m. | 1 views

OESA-2025-1493 qt6-qtbase security update

Qt is a software toolkit for developing applications. Security Fixes: encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string with relocation of later data. CVE-2025-30348...

5.8 CVSS | 7 AI score | 0.00042 EPSS
Exploits: 0 | References: 2
OSV
added 2025/03/19 5:15 p.m. | 0 views

CVE-2024-53967

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged...

5.4 CVSS | 6.1 AI score
Exploits: 0 | References: 1
ATTACKERKB
added 2023/12/21 3:15 p.m. | 4 views

CVE-2023-48115

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request...

5.4 CVSS | 5.8 AI score | 0.00169 EPSS
Exploits: 1 | References: 3
CNNVD
added 2021/06/16 12:0 a.m. | 1 views

JDOM Code Issue Vulnerability

JDOM is an open source Java-based XML document object model, designed specifically for the Java platform. A security vulnerability exists in JDOM 2.0.6 and earlier versions that can be exploited by an attacker to cause a denial of service via a crafted HTTP request...

7.5 CVSS | 6.6 AI score | 0.01393 EPSS
Exploits: 1 | References: 36
RedHat Linux
added 2020/09/24 10:11 a.m. | 2 views

Mozilla: XSS when pasting attacker-controlled data into a contenteditable element

The Mozilla Foundation Security Advisory describes this flaw as: Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element...

6.1 CVSS | 7.3 AI score | 0.00995 EPSS
Exploits: 0 | References: 5
OSV
added 2015/03/08 12:0 a.m. | 1 views

UBUNTU-CVE-2015-1218

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents,...

7.5 CVSS | 7.4 AI score | 0.01073 EPSS
Exploits: 0 | References: 6