758 matches found
a-mailx (=0.1.0), acdh-xml-validator (>=0.1.0 <=1.1.0) +314 more potentially affected by CVE-2026-41066 via lxml (>=6.0.0 <=6.0.4)
lxml PYPI version =6.0.0, =0.1.0, =0.1.3, =0.1.0, =3.0.7, =1.6.6, =1.44.2, =1.0.0, =0.0.1, =2026.5.23, =25.11.0, =0.1.1, =0.3.3, =0.3.7 and more Source cves: CVE-2026-41066 Source advisory: SNYK:PYTHON-LXML-16119103...
PT-2026-34232
Name of the Vulnerable Software and Affected Versions lxml versions prior to 6.1.0 Description Using the default configuration with the resolve entities variable set to True allows untrusted XML input to read local files. This issue affects the iterparse and ETCompatXMLParser functions...
OPENSUSE-SU-2026:10596-1 python-lxml-doc-6.1.0-1.1 on GA media
These are all security issues fixed in the python-lxml-doc-6.1.0-1.1 package on the GA media of openSUSE Tumbleweed...
CVE-2026-6616 TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
CVE-2026-6616
TransformerOptimus SuperAGI up to version 0.0.14 contains a server-side request forgery in the WebScraperTool’s webpage_extractor.py, affecting functions extract_with_bs4, extract_with_3k, and extract_with_lxml. The issue arises in superagi/helper/webpage_extractor.py and is exploitable remotely;...
CVE-2026-6616 TransformerOptimus SuperAGI WebScraperTool webpage_extractor.py extract_with_lxml server-side request forgery
A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extractwithbs4/extractwith3k/extractwithlxml of the file superagi/helper/webpageextractor.py of the component WebScraperTool. Such manipulation leads to server-side request forgery. I...
openSUSE 16 Security Update : python-lxml_html_clean (openSUSE-SU-2026:20345-1)
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20345-1 advisory. Changes in python-lxmlhtmlclean: - CVE-2026-28348: improper keywords checking can allow external CSS loading bsc1259378 - CVE-2026-28350: lack o...
[SECURITY] Fedora 44 Update: python-lxml-html-clean-0.4.4-1.fc44
HTML cleaner from lxml project...
Fedora 44 : python-lxml-html-clean (2026-f46fc594f3)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f46fc594f3 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Security update for python-lxml_html_clean (moderate)
openSUSE security update: security update for python-lxmlhtmlclean ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20345-1 Rating: moderate References: bsc1259378 bsc1259379 Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE...
Fedora 42 : python-lxml-html-clean (2026-154efc6066)
The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-154efc6066 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora 43 : python-lxml-html-clean (2026-fdded962b2)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fdded962b2 advisory. Security update for python-lxml-html-clean Tenable has extracted the preceding description block directly from the Fedora security advisory. Note th...
Fedora: Security Advisory (FEDORA-2026-154efc6066)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2026-fdded962b2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
python311-lxml_html_clean-0.4.4-1.1 on GA media (moderate)
python311-lxmlhtmlclean-0.4.4-1.1 on GA media Announcement ID: openSUSE-SU-2026:10322-1 Rating: moderate Cross-References: CVE-2026-28348 CVE-2026-28350 Affected Products: openSUSE Tumbleweed An update that solves 2 vulnerabilities can now be installed. Description: These are all security issues...
SUSE CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
SUSE CVE-2026-28350
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner configuration. While pagestructure=True removes html, head, and title tags, there is no specific handling for , allowing an attacker to inje...
OPENSUSE-SU-2026:10322-1 python311-lxml_html_clean-0.4.4-1.1 on GA media
These are all security issues fixed in the python311-lxmlhtmlclean-0.4.4-1.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-28348
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips...
Linux Distros Unpatched Vulnerability : CVE-2026-28350
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the tag passes through the default Cleaner...