Lucene search
K

541 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago6 views

Linux Distros Unpatched Vulnerability : CVE-2026-15308

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontroll...

8.7CVSS6.1AI score0.00553EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42638

The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References7
CVE
CVE
added 5 days ago157 views

CVE-2026-15308

The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...

8.7CVSS5.9AI score0.00553EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 5 days ago7 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.6AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 7:33 p.m.5 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.5AI score0.00178EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/07/01 6:46 p.m.8 views

golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

6.1CVSS6.5AI score0.00178EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/01 12:34 a.m.13 views

EUVD-2026-40665

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6AI score0.00171EPSS
Exploits0References3
OSV
OSV
added 2026/06/30 11:17 p.m.2 views

DEBIAN-CVE-2026-13977

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00171EPSS
Exploits0References1
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-13977

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS0.00171EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/30 10:38 p.m.5 views

CVE-2026-13977

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

5.4CVSS6AI score0.00171EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.27 views

CVE-2026-13977

Inappropriate implementation in HTMLParser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

0.00171EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.6 views

PT-2026-54253

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in the HTMLParser allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that allows scripts to execute across...

9.6CVSS6.2AI score0.00413EPSS
Exploits0References448
OSV
OSV
added 2026/06/25 7:40 a.m.10 views

BIT-PYTHON-2026-6019 BaseCookie.js_output() does not neutralize embedded characters

http.cookies.Morsel.jsoutput returns an inline snippet and only escapes " for JavaScript string context. It does not neutralize the HTML parser-sensitive sequence inside the generated script element. Mitigation base64-encodes the cookie value to disallow escaping using cookie value...

6.1CVSS5.2AI score0.00229EPSS
Exploits1References7
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Firefox, Thunderbird

Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8...

9.8CVSS6.1AI score0.00552EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:49 a.m.2 views

SUSE-SU-2026:22189-1 Security update for perl-HTML-Parser

This update for perl-HTML-Parser fixes the following issue - CVE-2026-8829: HTML:Entities versions before 3.84 for Perl read freed heap memory in decodeentities bsc1267606...

7.5CVSS5.8AI score0.0031EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 11:37 p.m.37 views

CVE-2026-12047

CVE-2026-12047 – pgAdmin 4 : HTML injection in the cloud deployment module arises when unsanitised exception text (from verify_credentials, deploy, and related endpoints under /rds/, /azure/, /google/, and /cloud/) is echoed into JSON response fields (info/errormsg) and rendered by the Cloud Wiza...

5.4CVSS5.3AI score0.00137EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.27 views

PT-2026-50814

Name of the Vulnerable Software and Affected Versions pgAdmin 4 versions 6.0 through 9.15 Description Stored cross-site scripting exists in the error-rendering and plan-node-rendering paths. Text returned by a PostgreSQL server, such as ErrorResponse messages, object names in...

9.3CVSS5.9AI score0.0021EPSS
Exploits0References13
CBLMariner
CBLMariner
added 2026/06/13 6:21 p.m.10 views

CVE-2026-8829 affecting package perl-HTML-Parser for versions less than 3.82-2

CVE-2026-8829 affecting package perl-HTML-Parser for versions less than 3.82-2. A patched version of the package is available...

7.5CVSS5.2AI score0.0031EPSS
Exploits0
OSV
OSV
added 2026/06/12 12:27 p.m.16 views

OESA-2026-2672 perl-HTML-Parser security update

Objects of the HTML::Parser class will recognize markup and separate it from plain text alias data content in HTML documents. As different kinds of markup and text are recognized, the corresponding event handlers are invoked. Security Fixes: HTML::Entities versions before 3.84 for Perl read freed...

7.5CVSS5.5AI score0.0031EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/08 12:0 a.m.10 views

perl-HTML-Parser-3.850.0-1.1 on GA media (moderate)

perl-HTML-Parser-3.850.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10957-1 Rating: moderate Cross-References: CVE-2026-8829 CVSS scores: CVE-2026-8829 SUSE : 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can...

4.8CVSS5.4AI score0.0031EPSS
Exploits0
Rows per page
Query Builder