CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

ATTACKERKB•added 2026/05/06 7:40 a.m.•2 views

CVE-2026-43082

In the Linux kernel, the following vulnerability has been resolved: net: txgbe: leave space for null terminators on propertyentry Lists of struct propertyentry are supposed to be terminated with an empty property, this driver currently seems to be allocating exactly the amount of entry used. Chan...

5.7AI score0.00013EPSS

Exploits0References6Affected Software1

NVD•added 2026/04/23 4:16 p.m.•1 views

CVE-2026-41240

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions prior to 3.4.0 have an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214. The same fix was not...

6.1CVSS0.00013EPSS

Exploits1References3

OSV•added 2026/04/22 5:34 p.m.•2 views

GHSA-H7MW-GPVR-XQ4M DOMPurify: FORBID_TAGS bypassed by function-based ADD_TAGS predicate (asymmetry with FORBID_ATTR fix)

There is an inconsistency between FORBIDTAGS and FORBIDATTR handling when function-based ADDTAGS is used. Commit c361baa added an early exit for FORBIDATTR at line 1214: / FORBIDATTR must always win, even if ADDATTR predicate would allow it / if FORBIDATTRlcName return false; The same fix was not...

6CVSS5.7AI score0.00013EPSS

Exploits1References5