
14 matches found

UbuntuCve
added 2026/05/22 4:16 p.m. · 3 views

CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · AI score 6 · EPSS 0.00032
Exploits 0 · References 6
UbuntuCve
added 2026/05/22 4:16 p.m. · 4 views

CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

CVSS 6.1 · AI score 6 · EPSS 0.00031
Exploits 0 · References 6
Vulnrichment
added 2026/05/22 3:1 p.m. · 2 views

CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

AI score 6 · EPSS 0.00031
Exploits 0 · References 4
Vulnrichment
added 2026/04/02 5:19 p.m. · 0 views

CVE-2026-34119 Heap-based Buffer Overflow Vulnerability Leading to Denial-of-Service in TP-Link Tapo C520WS

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP parsing loop when appending segmented request bodies without continuous write‑boundary verification, due to insufficient boundary validation when handling externally supplied HTTP input. An...

CVSS 7.1 · AI score 6.2 · EPSS 0.00025
Exploits 0 · References 3
OSV
added 2026/02/05 6:16 p.m. · 1 views

AZL-76796 CVE-2025-47911 affecting package cri-o 1.30.1-1

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

CVSS 5.3 · AI score 7.2 · EPSS 0.00017
Exploits 0 · References 1
CNNVD
added 2026/02/05 12:0 a.m. · 2 views

Google Go Security Vulnerability

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from Google, Inc. of the United States. There is a security vulnerability in Google Go, which stems from the html.Parse function in golang.org/x/net/html. When processing certain...

CVSS 5.3 · AI score 7.1 · EPSS 0.00017
Exploits 0 · References 4
CVE
added 2025/12/22 9:31 p.m. · 17 views

CVE-2025-68475

CVE-2025-68475 describes a ReDoS in Fedify's HTML document loader. A vulnerable regex in packages/fedify/src/runtime/docloader.ts uses nested quantifiers that enable catastrophic backtracking when parsing malicious HTML, potentially blocking the Node.js event loop. Affected versions are prior to ...

CVSS 7.5 · AI score 6.4 · EPSS 0.0044
Exploits 1 · References 7 · Affected Software 1
Tenable Nessus
added 2025/08/25 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-2666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It was discovered in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy...

CVSS 6.5 · AI score 6 · EPSS 0.01394
Exploits 0 · References 2
Tenable Nessus
added 2025/08/21 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2018-6110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Parsing documents as HTML in Downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to cause Chrome to execute scripts via a local non-HTML...

CVSS 5.8 · AI score 7.1 · EPSS 0.00909
Exploits 0 · References 2
OSV
added 2024/01/23 4:18 p.m. · 0 views

CLSA-2024-1706026686 Fix CVE(s): CVE-2023-50269

SECURITY UPDATE: Denial of Service in HTTP Request parsing - debian/patches/CVE-2023-50269.patch: Limit the number of allowed X-Forwarded-For hops - CVE-2023-50269...

CVSS 8.6 · EPSS 0.01147
Exploits 0 · References 1
Positive Technologies
added 2023/12/17 12:0 a.m. · 1 views

PT-2023-35651 · Git +1 · Libxml2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free READ 1 crash type. The crash state involves functions such as htmlParseDocument, htmlDoRead, and...

AI score 6.9
Exploits 0 · References 2
CNVD
added 2019/10/10 12:0 a.m. · 1 views

Microsoft Internet Explorer and Microsoft Edge Spoofing Vulnerability

Microsoft Edge and Microsoft Internet Explorer (IE) are both products of Microsoft Corporation. Microsoft Edge is a web browser that comes with Windows 10 and later. Microsoft Internet Explorer is a web browser that comes with Windows operating systems. Microsoft Edge is a web browser that comes with...

CVSS 4.3 · AI score 6.5 · EPSS 0.0217
Exploits 0 · References 1
RedHat Linux
added 2019/07/16 8:27 p.m. · 2 views

Mozilla: HTML parsing error can contribute to content XSS

Due to an error while parsing page content, it is possible for properly sanitized user input to be misinterpreted and lead to XSS hazards on web sites in certain circumstances. This vulnerability affects Firefox ESR 60.8, Firefox 68, and Thunderbird 60.8...

CVSS 6.1 · AI score 7.2 · EPSS 0.00619
Exploits 2 · References 5
OSV
added 2019/06/03 7:29 p.m. · 0 views

CVE-2019-6756

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit PhantomPDF 9.4.0.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 5.5 · AI score 5.3
Exploits 0 · References 2