4480 matches found

RedHat Linux
added 4 days ago | 5 views

DOMPurify: Cross-Site Scripting (XSS) via inconsistent tag sanitization

A flaw was found in DOMPurify, a DOM-only cross-site scripting sanitizer. A remote attacker could exploit an inconsistency in how forbidden tags and attributes are handled when function-based tag additions are used. This allows malicious HTML, MathML, or SVG elements to bypass sanitization and...

CVSS 6.1 | AI score 7.5 | EPSS 0.00263
Exploits: 1 | References: 7

Cvelist
added 6 days ago | 25 views

CVE-2026-13758 CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path

CryptX versions before 0.088_001 for Perl compare AEAD authentication tags in non-constant time in the streaming decrypt_done path. The decrypt_done($tag) form compares it against the computed tag with memNE (memcmp != 0), which short-circuits on the first differing byte, so its run time depends on the...

EPSS 0.00295
Exploits: 0 | References: 2

Positive Technologies
added 6 days ago | 8 views

PT-2026-53740

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M1 through 11.0.22; Apache Tomcat versions 10.1.0-M1 through 10.1.55; Apache Tomcat versions 9.0.0.M1 through 9.0.118; Apache Tomcat versions 8.5.0 through 8.5.100; Apache Tomcat versions 7.0.0 through 7.0.109...

AI score 5.8 | EPSS 0.00357
Exploits: 0 | References: 4

EUVD
added 2026/06/26 3:32 p.m. | 6 views

EUVD-2026-39657

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

CVSS 4.3 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 2

NVD
added 2026/06/26 2:17 p.m. | 8 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

CVSS 5.3 | EPSS 0.00167
Exploits: 0 | References: 1

Cvelist
added 2026/06/26 12:38 p.m. | 36 views

CVE-2026-57925

In JetBrains YouTrack before 2026.2.16593 improper access control allowed reading saved queries and tags...

CVSS 4.3 | EPSS 0.00167
Exploits: 0 | References: 1

CVE
added 2026/06/26 12:38 p.m. | 23 views

CVE-2026-57925

JetBrains YouTrack before 2026.2.16593 has an improper access control vulnerability (CVE-2026-57925) that enables reading saved queries and tags. The root cause is an access control weakness; an attacker with network access and low privileges (CVSSv3.1: AV:N/AC:L/PR:L/UI:N/S:U) can access sensitive dat...

CVSS 5.3 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/06/26 12:32 a.m. | 4 views

EUVD-2021-34853

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS 7.7 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 3

EUVD
added 2026/06/26 12:32 a.m. | 7 views

EUVD-2021-34852

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS 7.7 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 3

Positive Technologies
added 2026/06/26 12:0 a.m. | 10 views

PT-2026-52705

Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2026.2.16593. Description: Improper access control allows unauthorized reading of saved queries and tags. Recommendations: Update to version 2026.2.16593...

CVSS 5.3 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 5

NVD
added 2026/06/25 10:16 p.m. | 7 views

CVE-2021-47986

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS 7.7 | EPSS 0.0012
Exploits: 0 | References: 2

NVD
added 2026/06/25 10:16 p.m. | 9 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS 7.7 | EPSS 0.0012
Exploits: 0 | References: 2

Cvelist
added 2026/06/25 9:41 p.m. | 18 views

CVE-2021-47987 Parse Server - Arbitrary Code Execution via Malicious Version Tags

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS 7.7 | EPSS 0.0012
Exploits: 0 | References: 2

CVE
added 2026/06/25 9:41 p.m. | 10 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository, pointing to an unreviewed personal fork with write access. No releases were published with these tags; a project exposing a vulnerability would require a git-...

CVSS 7.7 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 2

ATTACKERKB
added 2026/06/25 9:41 p.m. | 11 views

CVE-2021-47987

Parse Server before 4.10.0 was affected by a supply chain incident in which incorrect version tags were pushed to the official repository pointing to an unreviewed personal fork of a contributor with write access. No releases were published with these tags; a project was exposed only if it define...

CVSS 7.7 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 3

CVE
added 2026/06/25 9:41 p.m. | 10 views

CVE-2021-47986

Parse Server exposes a supply-chain vulnerability affecting all versions before 4.10.0 where incorrect version tags were pushed to the repository, linking to unreviewed code in a personal fork. Attackers could specify affected version tags in dependency declarations to execute unreviewed and pote...

CVSS 7.7 | AI score 6 | EPSS 0.0012
Exploits: 0 | References: 2

Cvelist
added 2026/06/25 9:41 p.m. | 19 views

CVE-2021-47986 Parse Server - Unreviewed Code Execution via Malicious Version Tags

Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and...

CVSS 7.7 | EPSS 0.0012
Exploits: 0 | References: 2

NVD
added 2026/06/25 3:16 p.m. | 8 views

CVE-2026-57535

Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server a...

CVSS 2.1 | EPSS 0.00308
Exploits: 0 | References: 1

CVE
added 2026/06/25 2:29 p.m. | 9 views

CVE-2026-57535

CVE-2026-57535 describes a vulnerability in PDF rendering contexts where HTML content (including <img> tags) can be injected. If an <img> tag src points to a URL, the rendering engine may fetch the image, potentially leaking information about the rendering server and enabling an SSRF-like vector in the loc...

CVSS 2.1 | AI score 5.9 | EPSS 0.00308
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/25 12:0 a.m. | 7 views

PT-2026-52607

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.0. Description: A supply chain issue exists where incorrect version tags were pushed to the repository, linking to unreviewed code from a personal fork. This allows attackers to execute unreviewed and...

CVSS 7.7 | AI score 5.9 | EPSS 0.0012
Exploits: 0 | References: 5