21 matches found

RedhatCVE
added 2026/06/05 7:51 p.m. | 10 views

CVE-2026-25681

A flaw was found in golang.org/x/net/html. A remote attacker could exploit this vulnerability by providing specially crafted HTML. When this arbitrary HTML is parsed and rendered, it can result in an unexpected HTML tree, bypassing input sanitization. This can be leveraged to execute Cross-Site...

8.1 CVSS | 6.5 AI score | 0.00178 EPSS
Exploits 0 | References 7

RedhatCVE
added 2026/06/05 7:46 p.m. | 11 views

CVE-2026-42506

A flaw was found in golang.org/x/net/html. When parsing arbitrary HTML that is subsequently rendered, an unexpected HTML tree can be generated. A remote attacker could leverage this vulnerability to execute Cross-Site Scripting (XSS) attacks in applications that attempt to sanitize input HTML befor...

6.1 CVSS | 6 AI score | 0.00188 EPSS
Exploits 0 | References 7

SUSE CVE
added 2026/06/02 1:39 a.m. | 12 views

SUSE CVE-2026-42506

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1 CVSS | 6 AI score | 0.00188 EPSS
Exploits 0 | References 10

OSV
added 2026/05/22 4:16 p.m. | 7 views

UBUNTU-CVE-2026-27136

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1 CVSS | 6 AI score | 0.00178 EPSS
Exploits 0 | References 7

EUVD
added 2026/05/22 3:1 p.m. | 8 views

EUVD-2026-31452

Parsing arbitrary HTML which is then rendered using Render can result in an unexpected HTML tree. This can be leveraged to execute XSS attacks in applications that attempt to sanitize input HTML before rendering...

6.1 CVSS | 6 AI score | 0.00178 EPSS
Exploits 0 | References 4

SUSE Linux
added 2026/04/15 12:4 p.m. | 10 views

Security update for python36

This update for python36 fixes the following issues: CVE-2025-13462: incorrect parsing of TarInfo header when GNU long name and type AREGTYPE are combined (bsc#1259611). CVE-2026-3479: python: improper resource argument validation can allow path traversal (bsc#1259989). CVE-2026-3644: incomplete contro...

8.2 CVSS | 5.9 AI score | 0.00621 EPSS
Exploits 0 | References 20

Snyk
added 2026/04/13 10:11 p.m. | 8 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q8-OpenMP-arm64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

6.9 CVSS | 6 AI score | 0.00428 EPSS
Exploits 0 | References 2

Snyk
added 2026/04/13 10:11 p.m. | 6 views

Heap-based Buffer Overflow

Overview: Magick.NET-Q16-HDRI-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

6.9 CVSS | 6 AI score | 0.00428 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/03/19 11:8 a.m. | 10 views

CVE-2006-10003

XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. In the case stackptr == stacksize - 1, the stack will NOT be expanded. Then the new value will be written at location ++stackptr, which equals stacksize and therefore falls just outside the allocat...

9.8 CVSS | 6 AI score | 0.00548 EPSS
Exploits 0 | References 4

OSV
added 2026/02/05 6:16 p.m. | 7 views

AZL-76872 CVE-2025-47911 affecting package helm for versions less than 3.14.2-10

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 7.3 AI score | 0.00502 EPSS
Exploits 0 | References 1

UbuntuCve
added 2026/02/05 6:16 p.m. | 5 views

CVE-2025-47911

The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...

5.3 CVSS | 6.8 AI score | 0.00502 EPSS
Exploits 0 | References 9

Positive Technologies
added 2026/01/01 12:0 a.m. | 4 views

PT-2026-3019

Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: An issue exists in the libxml2 library related to uncontrolled resource consumption. The problem occurs when processing XML catalogs containing repeated elements that point to the same...

6.2 CVSS | 5.8 AI score | 0.00755 EPSS
Exploits 4 | References 41

RedHat Linux
added 2025/12/04 6:3 p.m. | 6 views

org.eclipse.jgit: XXE vulnerability in Eclipse JGit

A flaw was found in Eclipse JGit. This vulnerability can allow information disclosure, denial of service, and other security issues when parsing XML files...

6.8 CVSS | 5.7 AI score | 0.0104 EPSS
Exploits 1 | References 7

OSV
added 2024/07/16 6:15 p.m. | 10 views

AZL-45435 CVE-2024-39908 affecting package ruby for versions less than 3.1.7-1

REXML is an XML toolkit for Ruby. The REXML gem before 3.3.1 has some DoS vulnerabilities when it parses an XML that has many specific characters such as . If you need to parse untrusted XMLs, you may be impacted by these vulnerabilities. The REXML gem 3.3.2 or later includes the patches to fix...

4.3 CVSS | 6.5 AI score | 0.01493 EPSS
Exploits 0 | References 1

OSV
added 2024/05/02 7:15 p.m. | 2 views

CVE-2024-34393

libxmljs2 is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs that was called on a parsed node. This vulnerability might lead to denial of service on both 32-bit systems and 64-bit systems, data leak, infinite loop...

8.1 CVSS | 6.3 AI score | 0.0096 EPSS
Exploits 0 | References 2

BDU FSTEC
added 2023/06/20 12:0 a.m. | 3 views

The vulnerability of the CreateLabelOrAttrib function in the XML data compression tool Xmill allows a hacker to execute arbitrary code.

The vulnerability of the CreateLabelOrAttrib function in the XML data compression tool Xmill is related to a memory boundary error during XML file processing. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

10 CVSS | 7.8 AI score | 0.01136 EPSS
Exploits 1 | References 6 | Affected Software 2

SUSE CVE
added 2023/02/15 4:24 a.m. | 2 views

SUSE CVE-2018-16428

In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference...

4 CVSS | 9.3 AI score | 0.04693 EPSS
Exploits 1 | References 45

SUSE CVE
added 2023/02/15 3:41 a.m. | 2 views

SUSE CVE-2021-31347

An issue was discovered in libezxml.a in ezXML 0.8.6. The function ezxml_parse_str() performs incorrect memory handling while parsing crafted XML files (writing outside a memory region created by mmap)...

5.5 CVSS | 7.1 AI score | 0.01193 EPSS
Exploits 1 | References 12

CNNVD
added 2022/07/26 12:0 a.m. | 3 views

Inductive Automation Ignition Code Issue Vulnerability

Inductive Automation Ignition is a suite of integrated software platforms for SCADA systems from Inductive Automation, Inc. The platform supports SCADA (Data Acquisition and Monitoring Systems), HMI (Human Machine Interface) and more. A code issue vulnerability exists in Inductive Automation Ignition...

9.8 CVSS | 8.5 AI score | 0.00817 EPSS
Exploits 0 | References 5

Positive Technologies
added 2022/05/17 12:0 a.m. | 5 views

PT-2022-20428 · Jenkins · Jenkins Storable Configs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Storable Configs Plugin versions 1.0 and earlier. Description: The issue arises from the plugin not configuring its XML parser to prevent XML external entity (XXE) attacks. This allows attackers with Item/Configure permission to have...

8.8 CVSS | 8.3 AI score | 0.01123 EPSS
Exploits 0 | References 6