122 matches found
ROOT-APP-MAVEN-CVE-2023-26119 CVE-2023-26119 in io.root.net.sourceforge.htmlunit:htmlunit - Patched by Root
Root has patched CVE-2023-26119 in the io.root.net.sourceforge.htmlunit:htmlunit package for Root:Maven. Multiple fixed versions available...
Ubuntu 16.04 LTS / 18.04 LTS : HtmlUnit vulnerability (USN-8220-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8220-1 advisory. It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could...
USN-8220-1: HtmlUnit vulnerability
It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit...
USN-8220-1 htmlunit vulnerability
It was discovered that HtmlUnit was vulnerable to remote code execution via XSLT when browsing an attacker-controlled webpage. An attacker could possibly use this issue to execute arbitrary code in the context of the application using HtmlUnit...
OSV-2026-535 Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=499447433 Crash type: Security exception Crash state: org.htmlunit.cyberneko.HTMLTagBalancer.endElement java.base/sun.nio.cs.CESU8.updatePositions java.base/sun.nio.cs.CESU8$Encoder.encodeArrayLoop...
OSV-2026-76 Security exception in org.htmlunit.cyberneko.HTMLTagBalancer.endElement
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=476170180 Crash type: Security exception Crash state: org.htmlunit.cyberneko.HTMLTagBalancer.endElement org.htmlunit.cyberneko.HTMLElements$HTMLElementsWithCache.getElement...
EUVD-2020-0412
Malware in sbrugna...
EUVD-2022-1739
Malicious code in bioql PyPI...
EUVD-2023-3079
Malicious code in bioql PyPI...
EUVD-2023-1944
Malicious code in bioql PyPI...
EUVD-2022-1649
Malicious code in bioql PyPI...
EUVD-2023-1621
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-5529
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavaScript code can execute...
Linux Distros Unpatched Vulnerability : CVE-2023-49093
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - HtmlUnit is a GUI-less browser for Java programs. HtmlUnit is vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker's webpage. This...
Linux Distros Unpatched Vulnerability : CVE-2023-2798
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Those using HtmlUnit to browse untrusted webpages may be vulnerable to Denial of service attacks (DoS). If HtmlUnit is running on user supplied web pages, an...
CVE-2023-26119
Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker’s webpage...
CVE-2022-29546
HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product...
CVE-2022-28366
Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 also...
Security Bulletin: IBM Security Verify Governance - Identity Manager has multiple vulnerabilities
Summary Multiple security vulnerabilities have been addressed in updates to IBM Security Verify Governance - Identity Manager software component and IBM Security Verify Governance - Identity Manager virtual appliance component. Vulnerability Details CVEID:CVE-2024-22262 DESCRIPTION: VMware Tanzu...
Malicious input can provoke XSS when preserving comments
Impact: There is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the preserveComments directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in...