Lucene search
+L

7 matches found

OSV
OSV
added 2026/07/02 8:20 p.m.4 views

GHSA-X4HG-HFWF-P9MW @asymmetric-effort/nogginlessdom vulnerable to ReDoS via user-controlled regex in HTMLInputElement pattern validation

Summary The HTMLInputElement.checkValidity method constructed a RegExp directly from the user-controlled pattern property without any sanitization or timeout protection. This allowed an attacker to inject a regex with catastrophic backtracking, freezing the event loop. Fix Fixed in commit...

6.9CVSS5.8AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/21 8:38 p.m.53 views

lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files

Impact Using either of the two parsers in the default configuration with resolveentities=True allows untrusted XML input to read local files. Patches lxml 6.1.0 changes the default to resolveentities='internal', thus disallowing local file access by default. Workarounds Setting the resolveentitie...

7.5CVSS5.8AI score0.00324EPSS
Exploits1References6Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-2027

Malware in sbrugna...

10CVSS6.3AI score0.01075EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/22 10:14 p.m.10 views

CVE-2022-48110

CKSource CKEditor 5 35.4.0 was discovered to contain a cross-site scripting XSS vulnerability via the Full Featured CKEditor5 widget. NOTE: the vendor's position is that this is not a vulnerability. The CKEditor 5 documentation discusses that it is the responsibility of an integrator who is addin...

6.1CVSS6.1AI score0.02097EPSS
Exploits4References1
UbuntuCve
UbuntuCve
added 2020/09/17 7:15 p.m.42 views

CVE-2020-24750

FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration...

8.1CVSS7.1AI score0.07327EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2020/03/26 1:15 p.m.41 views

CVE-2020-10968

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider aka bus-proxy...

8.8CVSS7.1AI score0.03538EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2020/03/26 1:15 p.m.33 views

CVE-2020-10969

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane...

8.8CVSS7.1AI score0.03473EPSS
Exploits0References4
Rows per page
Query Builder