Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

Snyk
Snykadded 2026/04/03 3:46 a.m.4 views

Permissive List of Allowed Inputs

Overview dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious scripts in the DOM...

6.1CVSS6AI score
Exploits0References2
Snyk
Snykadded 2026/04/03 3:46 a.m.4 views

Permissive List of Allowed Inputs

Overview org.webjars.npm:dompurify is a DOM-only XSS sanitizer for HTML, MathML and SVG. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs in the ADDATTR predicate function via EXTRAELEMENTHANDLING.attributeCheck. An attacker can inject and execute malicious...

6.1CVSS6AI score
Exploits0References2
Snyk
Snykadded 2026/03/27 5:56 p.m.2 views

Permissive List of Allowed Inputs

Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs through the...

8.8CVSS5.9AI score0.00021EPSS
Exploits1References3
Snyk
Snykadded 2026/03/05 12:12 a.m.1 views

Permissive List of Allowed Inputs

Overview @backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file...

9.8CVSS6AI score0.00038EPSS
Exploits0References2
ICS
ICSadded 2024/10/08 12:0 a.m.7 views

Siemens SINEC Security Monitor

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

9.9CVSS8.2AI score0.02948EPSS
Exploits0References10
OSV
OSVadded 2023/04/11 5:15 p.m.1 views

CVE-2022-42469

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

4.3CVSS5.8AI score0.00078EPSS
Exploits0References1
Prion
Prionadded 2023/04/11 5:15 p.m.14 views

Code injection

A permissive list of allowed inputs vulnerability CWE-183 in FortiGate version 7.2.3 and below, version 7.0.9 and below Policy-based NGFW Mode may allow an authenticated SSL-VPN user to bypass the policy via bookmarks in the web portal...

4CVSS4.5AI score0.00078EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linuxadded 2022/10/06 6:32 p.m.2 views

dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs

A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK...

8.6CVSS7.1AI score0.00538EPSS
Exploits1References5
Rows per page
Query Builder