5254 matches found
CVE-2026-0540 DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
CVE-2026-0540
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
CVE-2026-0540 DOMPurify XSS via Missing Rawtext Elements in SAFE_FOR_XML
DOMPurify 3.1.3 through 3.3.1 and 2.5.3 through 2.5.8, fixed in commit 2726c74, contain a cross-site scripting vulnerability that allows attackers to bypass attribute sanitization by exploiting five missing rawtext elements noscript, xmp, noembed, noframes, iframe in the SAFEFORXML regex. Attacke...
Dell Command | Intel vPro Out of Band 代码问题漏洞
Dell Command | Intel vPro Out of Band is an application developed by the American company Dell that provides out-of-band management solutions. It allows for remote management of client systems, regardless of the system’s power state. Versions of Dell Command | Intel vPro Out of Band prior to...
DOMPurify 安全漏洞
DOMPurify is a JavaScript-based tool developed by Cure53’s individual developer, designed for use with HTML, MathML, and SVG documents. Versions 3.1.3 to 3.3.1 and 2.5.3 to 2.5.8 of DOMPurify contain security vulnerabilities. These vulnerabilities stem from the lack of handling for five specific...
PT-2026-22765
Name of the Vulnerable Software and Affected Versions DOMPurify versions 2.5.3 through 2.5.8 DOMPurify versions 3.1.3 through 3.3.1 Description DOMPurify contains a cross-site scripting issue that allows attackers to bypass attribute sanitization. This bypass is achieved by exploiting missing...
Improper Encoding or Escaping of Output
Overview lxml-html-clean is a HTML cleaner from lxml project Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the hassneakyjavascript function. An attacker can cause external CSS to be loaded or execute scripts in certain browsers by injecting special...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
EUVD-2026-8844
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131
The CVE-2026-28131 entry concerns the WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder, affecting versions from unspecified to 1.14.4. The issue is described as an exposure where sensitive information can be inserted into sent data, allowing retrieval of embedded sensiti...
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
CVE-2026-28131 WordPress Elementor Addon Elements plugin <= 1.14.4 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
PT-2026-22133
Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through = 1.14.4...
WordPress plugin Elementor Addon Elements 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...
EUVD-2026-8718
This vulnerability is caused by a CWE‑159: "Improper Handling of Invalid Use of Special Elements" weakness, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash...
PT-2026-21986
Name of the Vulnerable Software and Affected Versions Windows versions prior to September 2025 cumulative update for Windows 11 2024 LTSC and Windows Server 2025 Windows 11 23H2 and earlier Description The issue is caused by improper handling of invalid use of special elements within the CLFS.sys...
Linksys MR9600和Linksys MX4200 安全漏洞
The Linksys MR9600 and Linksys MX4200 are both products of the American company Linksys. The Linksys MR9600 is a wireless router. The Linksys MX4200 is a mesh network router. Both the Linksys MR9600 version 1.0.4.205530 and the Linksys MX4200 version 1.0.13.210200 have security vulnerabilities,...
DEBIAN-CVE-2026-26983
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a...