Lucene search
K

243 matches found

PyPA
PyPA
added 2 days ago5 views

HTML injection in Jupyter Notebook and JupyterLab leading to DOM Clobbering

ImpactThe vulnerability depends on user interaction by opening a malicious notebook with Markdown cells, or Markdown file using JupyterLab preview feature.A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user...

8.8CVSS6.1AI score0.00373EPSS
Exploits0References7Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-54267

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, an...

8.6CVSS6AI score0.00179EPSS
Exploits0References3
OSV
OSV
added 2026/06/22 4:16 p.m.9 views

DEBIAN-CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

6.1CVSS5.8AI score0.00179EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 4:16 p.m.12 views

CVE-2026-54267

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS0.00179EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/22 3:30 p.m.35 views

CVE-2026-54267 Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS0.00179EPSS
Exploits0References3
CVE
CVE
added 2026/06/22 3:30 p.m.26 views

CVE-2026-54267

Summary: Angular’s SSR hydration uses a state element with a predictable id (ng-state). In versions prior to 22.0.1, 21.2.17, and 20.3.25, an attacker could DOM-clobber by injecting an element with that id before the legitimate [removed] tag is parsed, causing Angular to parse forged JSON from Tr...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/22 3:30 p.m.11 views

EUVD-2026-38271

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to 22.0.1, 21.2.17, and 20.3.25, to optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via...

8.6CVSS5.9AI score0.00179EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/22 12:18 p.m.7 views

CVE-2026-42573

A flaw was found in Svelte, a web framework. An attacker could exploit a DOM clobbering vulnerability, which allows manipulation of the Document Object Model DOM to overwrite internal framework state on elements. This could potentially lead to Cross-Site Scripting XSS attacks, enabling the attack...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/06/15 3:16 p.m.12 views

Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

8.6CVSS5.4AI score0.00179EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/15 3:16 p.m.5 views

GHSA-RGJC-H3X7-9MWG Angular Client Hydration DOM Clobbering & Response-Cache Poisoning

To optimize client-side bootstrap in Server-Side Rendered SSR environments, Angular supports Hydration via provideClientHydration. During SSR, Angular serializes the application's runtime state such as cached HttpClient responses and outputs it into the HTML stream as a tag with a predictable...

8.6CVSS5.5AI score0.00179EPSS
Exploits0References4
NVD
NVD
added 2026/06/09 5:17 p.m.9 views

CVE-2026-42573

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

8.1CVSS0.00319EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/09 4:21 p.m.30 views

CVE-2026-42573 Svelte: XSS via DOM Clobbering of Internal Framework State

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS0.00319EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/09 4:21 p.m.11 views

EUVD-2026-35701

Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7...

5.3CVSS5.3AI score0.00319EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 4:21 p.m.18 views

CVE-2026-42573

CVE-2026-42573 (Svelte) describes a DOM clobbering vulnerability in Svelte prior to version 5.55.7, where internal framework state can be overwritten on elements, potentially enabling Cross-Site Scripting (XSS). The issue has been fixed in 5.55.7. Affected scope : Svelte versions before 5.55.7 (a...

8.1CVSS5.3AI score0.00319EPSS
Exploits0References5Affected Software1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Firefox

Firefox adds web-compatibility shims as a replacement for some tracking scripts that are blocked by Enhanced Tracking Protection. On a site protected by the Content Security Policy in “strict-dynamic” mode, an attacker who can inject an HTML element could use a DOM Clobbering attack on some of th...

6.1CVSS6.6AI score0.00461EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/19 10:29 p.m.9 views

CVE-2026-8492 Translate Drupal with GTranslate - Less critical - DOM clobbering / link manipulation - SA-CONTRIB-2026-035

Modification of Assumed-Immutable Data MAID vulnerability in Drupal Translate Drupal with GTranslate allows Resource Location Spoofing. This issue affects Translate Drupal with GTranslate: from 0.0.0 before 3.0.5...

5.8AI score0.00236EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 10:29 p.m.30 views

CVE-2026-8492

The CVE-2026-8492 issue concerns the GTranslate/Translate Drupal module for Drupal, where a MAID vulnerability allows Resource Location Spoofing. The root cause is inadequate validation in the module’s language-switcher widget JavaScript, specifically around document.currentScript, which can caus...

2.7CVSS5.8AI score0.00236EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/14 8:29 p.m.7 views

GHSA-RCQX-6Q8C-2C42 Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/05/14 8:29 p.m.10 views

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

NPM: Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State vulnerability discovered by ? in WordPress Npm svelte versions = 5.55.6...

5.8AI score0.00319EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/14 8:29 p.m.10 views

Svelte Vulnerable to XSS via DOM Clobbering of Internal Framework State

Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. You are vulnerable if all of the following is true: - you are using attribute spreading on a form element - you are using attribute spreading or allow a dynamic value for the...

8.1CVSS5.8AI score0.00319EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder