3487 matches found
EUVD-2026-43288
The Tutor LMS WordPress plugin before 3.9.13 does not perform any authorization or post-target validation before creating a comment in one of its handlers, and stores the comment pre-approved, allowing authenticated users with subscriber-level access and above to post auto-approved comments...
CVE-2026-12273
The CVE-2026-12273 entry concerns Tutor LMS for WordPress (MITRE CVE-2026-12273). Affected component: Tutor LMS WordPress plugin prior to version 3.9.13. Description details a lack of authorization checks and post-target validation in a comment-creation handler, resulting in pre-approved comments...
[SECURITY] Fedora 44 Update: perl-HTML-Gumbo-0.19-1.fc44
Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies...
CVE-2026-54714 Logto: XSS via unescaped RelayState in SAML auto-submit form
Logto is the modern, open-source auth infrastructure for SaaS and AI apps. Prior to 1.41.0, @logto/core reflected the SAML RelayState, SAMLResponse, and actionUrl into a Logto-origin auto-submit HTML form in packages/core/src/saml-application/SamlApplication/utils.ts without HTML-attribute...
CVE-2026-55466
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, UploadFileRequest sanitizes SVG content only when PHP finfo reports image/svg+xml and UploadedFilesController serves attachments inline without using StorageHelper::allowSafeInline, allowing a low-privilege user to upload active...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
python: Python: CPU Denial of Service in HTML parser via repeated unterminated markup declarations
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
CVE-2026-15308
A flaw was found in Python. Its incremental HTML parser can be exploited by a remote attacker. By sending specially crafted, uncontrolled data with repeated, incomplete markup declarations, the attacker can cause the system to consume excessive central processing unit CPU resources. This leads to...
CVE-2026-15308
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308
The CVE-2026-15308 issue concerns Python’s incremental HTML parser (html.parser.HTMLParser) where the feed() path can cause CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data. The root cause is tied to how unterminated markup declarations are...
CVE-2026-15308 Incremental HTMLParser feed() allows CPU-exhaustion DoS via repeated unterminated markup declarations
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
EUVD-2026-42638
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
CVE-2026-15308
The incremental HTML parser html.parser.HTMLParser allows for CPU denial-of-service through repeated unterminated markup declarations when processing uncontrolled data...
USN-8520-1: Expat vulnerability
It was discovered that Expat used insufficient entropy when generating hash salt values for its internal hash table. An attacker could use this to craft an XML document that triggers hash flooding, leading to a denial of service...
CVE-2026-31982
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to insufficient validation of a user-controlled redirection parameter. An unauthenticated attacker can craft a request to the SAML sign-in endpoint and poison the cached SAML redirection for other users who...
EUVD-2026-42457
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
EUVD-2026-42454
Inappropriate implementation in Forms in Google Chrome prior to 150.0.7871.115 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: High...
PT-2026-56871
Name of the Vulnerable Software and Affected Versions CPython affected versions not specified Description The incremental HTML parser html.parser.HTMLParser contains an issue that allows for CPU denial-of-service when processing uncontrolled data. The root cause is improper input handling that...