
55 matches found

CNNVD
added 2026/05/19 12:0 a.m., 6 views

Google Chrome Resource Management Error Vulnerability

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.179 contained a resource management vulnerability. This vulnerability stemmed from the reuse of DOM elements after their release, which could allow remote attackers to execute arbitrary code with...

CVSS 8.8, AI score 6.2, EPSS 0.0003
Exploits: 0, References: 3

Snyk
added 2026/05/11 6:31 p.m., 5 views

Cross-site Scripting (XSS)

Overview: pgadmin4 is a PostgreSQL Tools package. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the assignment of user-controlled PostgreSQL object names to DOM elements using innerHTML. An attacker can execute arbitrary JavaScript code in the browser of any user who...

CVSS 8.4, AI score 5.9, EPSS 0.00023
Exploits: 1, References: 2

Cvelist
added 2025/12/11 5:52 p.m., 25 views

CVE-2025-14046 Insufficient HTML Sanitization Allows User-Controlled DOM Elements to Overwrite Server-Initialized Data Islands and Trigger Unintended Server-Side POST Requests

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allowed user-supplied HTML to inject DOM elements with IDs that collided with server-initialized data islands. These collisions could overwrite or shadow critical application state objects used by...

CVSS 8.6, EPSS 0.00028
Exploits: 0, References: 5

CVE
added 2025/12/11 5:52 p.m., 12 views

CVE-2025-14046

CVE-2025-14046 affects GitHub Enterprise Server; improper input neutralization allows user-supplied HTML to inject DOM elements with conflicting IDs, shadowing server-initialized data islands and causing unintended server-side POST requests or other unauthorized backend interactions. Exploitation...

CVSS 8.6, AI score 6, EPSS 0.00028
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2025/08/19 4:15 a.m., 4 views

CVE-2025-7496

The WPC Smart Compare for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via DOM elements in all versions up to, and including, 6.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-lev...

CVSS 6.4, EPSS 0.00058
Exploits: 0, References: 2

OSV
added 2023/03/20 8:44 p.m., 36 views

GHSA-XRQQ-WQH4-5HG2 svg-sanitizer has Cross-site Scripting Bypass

Update: In 88 we have determined that the bypass this security advisory was created for was a false positive, and as such we have requested that the CVE be rejected. A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be...

CVSS 5.3, AI score 9.3
Exploits: 0, References: 5

Github Security Blog
added 2023/03/20 8:44 p.m., 28 views

svg-sanitizer has Cross-site Scripting Bypass

Update: In 88 we have determined that the bypass this security advisory was created for was a false positive, and as such we have requested that the CVE be rejected. A bypass has been found that allows an attacker to upload an SVG with persistent XSS. HTML elements within CDATA needed to be...

AI score 9.1
Exploits: 0, References: 5, Affected Software: 1

Jake Archibald's Blog
added 2021/11/22 1:0 a.m., 18 views

Cross-fading any two DOM elements is currently impossible

Update: A spec change has landed to make this possible, it'll ship in Chrome 100, it's been implemented in Firefox, and it already existed as a non-standard feature in Safari. Soon this feature will be supported across all major browsers! Ok, it isn't always impossible. Be amazed as I cross-fade...

AI score 6.8
Exploits: 0

Tenable Nessus
added 2020/12/02 12:0 a.m., 8 views

DOM Elements Excluded

Some DOM elements matched one or more entries in the DOM Exclusion list and therefore were excluded from interactions. No source data...

AI score 7.4
Exploits: 0

Veracode
added 2020/07/13 3:18 a.m., 9 views

Denial Of Service (DoS)

html-to-text is vulnerable to denial of service (DoS). The library does not properly handle parsed HTML when it is either very deep or has a large number of DOM elements, allowing a malicious user to cause an application crash...

AI score 3
Exploits: 0

Tenable Nessus
added 2019/08/12 12:0 a.m., 48 views

NewStart CGSL MAIN 4.05 : firefox Multiple Vulnerabilities (NS-SA-2019-0103)

The remote NewStart CGSL host, running version MAIN 4.05, has firefox packages installed that are affected by multiple vulnerabilities: - A buffer overflow in WebGL triggerable by web content, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR...

CVSS 9.8, AI score 8.1, EPSS 0.23444
Exploits: 34, References: 46

RedHat Linux
added 2019/05/13 5:3 a.m., 1 view

Mozilla: Use-after-free when removing in-use DOM elements

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8, AI score 7.3, EPSS 0.00927
Exploits: 0, References: 5

RedHat Linux
added 2019/05/07 4:19 a.m., 1 view

Mozilla: Use-after-free when removing in-use DOM elements

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8, AI score 7.3, EPSS 0.00927
Exploits: 0, References: 5

OSV
added 2019/04/26 5:29 p.m., 1 view

DEBIAN-CVE-2019-9790

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8, AI score 9.2, EPSS 0.00927
Exploits: 0, References: 1

RedHat Linux
added 2019/03/20 3:21 p.m., 1 view

Mozilla: Use-after-free when removing in-use DOM elements

A use-after-free vulnerability can occur when a raw pointer to a DOM element on a page is obtained using JavaScript and the element is then removed while still in use. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 60.6, Firefox ESR 60.6, and Firefox 66...

CVSS 9.8, AI score 7.3, EPSS 0.00927
Exploits: 0, References: 5

NVD
added 2018/06/11 9:29 p.m., 14 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.8, AI score 9.4, EPSS 0.01915
Exploits: 0, References: 11

OSV
added 2018/06/11 9:29 p.m., 0 views

DEBIAN-CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.8, AI score 9.2, EPSS 0.01915
Exploits: 0, References: 1

Prion
added 2018/06/11 9:29 p.m., 16 views

Design/Logic Flaw

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 7.5, AI score 9.1, EPSS 0.01915
Exploits: 0, References: 11, Affected Software: 10

Cvelist
added 2018/06/11 9:0 p.m., 16 views

CVE-2017-5442

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

AI score 8.5, EPSS 0.01915
Exploits: 0, References: 11

RedHat Linux
added 2017/05/08 6:45 a.m., 3 views

Mozilla: Use-after-free during style changes (MFSA 2017-11, MFSA 2017-12)

A use-after-free vulnerability during changes in style when manipulating DOM elements. This results in a potentially exploitable crash. This vulnerability affects Thunderbird 52.1, Firefox ESR 45.9, Firefox ESR 52.1, and Firefox 53...

CVSS 9.8, AI score 7.3, EPSS 0.01915
Exploits: 0, References: 5