18 matches found
CVE-2026-41238 DOMPurify: Prototype Pollution to XSS Bypass via CUSTOM_ELEMENT_HANDLING Fallback
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses DOMPurify.sanitize with the default configuration no CUSTOMELEMENTHANDLING option, a prior prototype...
CVE-2025-66645
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66645 NiceGUI Path Traversal Vulnerability in app.add_media_files() Allows Arbitrary File Reading
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to directory traversal through the App.addmediafiles function, which allows a remote attacker to read arbitrary files on the server filesystem. This issue is fixed in version 3.4.0...
CVE-2025-66470
CVE-2025-66470 affects NiceGUI <= 3.3.1 via the ui.interactive_image component, which renders SVG content with Vue v-html without sanitization. This can lead to stored/reflected XSS through the SVG tag when images are rendered or updated. The issue is fixed in NiceGUI 3.4.0; remediation is to...
CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core kernel. The component is: opteeos. The fixed version is: 3.4.0 and later...
WordPress 우커머스 네이버페이 Plugin <= 3.3.7 is vulnerable to Cross Site Scripting (XSS)
Software 우커머스 네이버페이 Type Plugin Vulnerable versions = 3.3.7 Fixed in 3.4.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 648c69f3046d Credits Peter Thaleikis Required...
CVE-2019-1010296
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core kernel. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010297
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core kernel context. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010295
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: opteeos. The fixed version is: 3.4.0 and later...
Code injection
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
Memory corruption
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Boundary crossing. The impact is: Memory corruption of the TEE itself. The component is: opteeos. The fixed version is: 3.4.0 and later...
Buffer overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core kernel context. The component is: opteeos. The fixed version is: 3.4.0 and later...
Buffer overflow
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Code execution in context of TEE core kernel. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010295
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Memory corruption and disclosure of memory content. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010297
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Buffer Overflow. The impact is: Execution of code in TEE core kernel context. The component is: opteeos. The fixed version is: 3.4.0 and later...