7 matches found

OSV · added 2026/05/08 4:27 p.m. · 9 views

GHSA-45C6-75P6-83CC fast-xml-builder Comment Value regex can be bypassed

Summary: The fix for https://github.com/advisories/GHSA-gh4j-gqv2-49f6 in fast-xml-parser sanitizes `--` sequences in XML comment content using `.replace(/--/g, '- -')`. This skips values containing three consecutive dashes, e.g. `---...`, allowing an attacker to break out of an XML comment and inject...

CVSS 6.1 · AI score 6 · EPSS 0.00194 · Exploits 0 · References 4
Snyk · added 2026/03/05 3:30 p.m. · 4 views

Uncaught Exception

Overview: Affected versions of this package are vulnerable to Uncaught Exception via the HTMLParser component. An attacker can cause application crashes or potentially disclose information by submitting specially crafted, malformed HTML-like sequences in Markdown input. PoC: python import markdown...

CVSS 8.2 · AI score 5.8 · EPSS 0.00465 · Exploits 1 · References 2
CNNVD · added 2025/04/16 12:00 a.m. · 2 views

Google Go security vulnerability

Google Go is a statically and strongly typed, compiled, concurrent, garbage-collected programming language from Google USA. A security vulnerability exists in Google Go versions prior to v0.38.0, which stems from the markup parser incorrectly handling unreferenced attribute values, potentially...

CVSS 6.5 · AI score 6.6 · EPSS 0.0045 · Exploits 0 · References 5
OSV · added 2025/04/08 11:46 a.m. · 2 views

USN-7424-1 expat vulnerability

It was discovered that Expat could crash due to stack overflow when processing XML documents with deeply nested entity references. If a user or automated system were tricked into processing specially crafted XML input, an attacker could use this issue to cause a denial of service...

CVSS 7.5 · AI score 6.7 · EPSS 0.01569 · Exploits 0 · References 2
OSV · added 2022/05/20 7:15 p.m. · 1 view

DEBIAN-CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6...

CVSS 8.2 · AI score 7 · EPSS 0.02886 · Exploits 1 · References 1
RedHat Linux · added 2020/04/06 9:02 a.m. · 2 views

Django: the behavior of the underlying HTMLParser leading to DoS

An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. Due to the behaviour of the underlying HTMLParser, django.utils.html.striptags would be extremely slow to evaluate certain inputs containing large sequences of nested incomplete HTML entities...

CVSS 7.5 · AI score 7.3 · EPSS 0.03172 · Exploits 0 · References 5
RedHat Linux · added 2016/05/17 4:12 p.m. · 10 views

libxml2: Buffer overread with XML parser in xmlNextChar

A denial of service flaw was found in libxml2. A remote attacker could provide a specially crafted XML or HTML file that, when processed by an application using libxml2, would cause that application to leak potentially sensitive information...

CVSS 6.4 · AI score 7.3 · EPSS 0.06908 · Exploits 0 · References 4