33 matches found

Debian CVE
added 2026/05/07 3:49 a.m. | 5 views

CVE-2026-41675

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, the package allows attacker-controlled processing instruction data to be serialized into XML without...

8.7 CVSS | 5.8 AI score | 0.0002 EPSS
Exploits: 0
Debian CVE
added 2026/05/07 3:40 a.m. | 5 views

CVE-2026-41673

xmldom is a pure JavaScript W3C standard-based XML DOM Level 2 Core DOMParser and XMLSerializer module. In @xmldom/xmldom prior to versions 0.9.10 and 0.8.13 and xmldom version 0.6.0 and prior, seven recursive traversals in lib/dom.js operate without a depth limit. A sufficiently deeply nested DO...

8.7 CVSS | 5.7 AI score | 0.0004 EPSS
Exploits: 0
NVD
added 2026/03/27 5:16 p.m. | 2 views

CVE-2026-28369

A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the request by stripping these leading spaces. This behavior, which violates HTTP standards, can be exploited by a remote attacker to perform...

9.1 CVSS | 0.00046 EPSS
Exploits: 0 | References: 2
OSV
added 2025/03/17 8:16 p.m. | 11 views

RLSA-2024:9281 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: JWCrypto: denial of service via specifically crafted JWE CVE-2023-6681 Fo...

5.3 CVSS | 6.5 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
OpenVAS
added 2024/03/25 12:0 a.m. | 11 views

Fedora: Security Advisory (FEDORA-2024-baa87269ba)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4 CVSS | 7.4 AI score | 0.00123 EPSS
Exploits: 0 | References: 3
Fedora
added 2024/03/23 12:50 a.m. | 15 views

[SECURITY] Fedora 40 Update: weasyprint-61.2-1.fc40

WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...

7.4 CVSS | 6.9 AI score | 0.00123 EPSS
Exploits: 0
Github Security Blog
added 2024/01/23 2:42 p.m. | 48 views

@hono/node-server cannot handle "double dots" in URL

Impact Since v1.3.0, we use our own Request object. This is great, but the url behavior is unexpected. In the standard API, if the URL contains .., here called "double dots", the URL string returned by Request will be in the resolved path. ts const req = new...

5.3 CVSS | 7.4 AI score | 0.00246 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2023/07/13 10:15 a.m. | 1 views

DEBIAN-CVE-2023-29456

URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards...

5.4 CVSS | 5.6 AI score | 0.00155 EPSS
Exploits: 0 | References: 1
Fedora
added 2022/07/17 1:16 a.m. | 21 views

[SECURITY] Fedora 35 Update: golang-gopkg-square-jose-2-2.6.0-3.fc35

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards...

9.3 CVSS | 1.4 AI score | 0.00963 EPSS
Exploits: 4
ThreatPost
added 2022/01/10 5:55 p.m. | 57 views

URL Parsing-Library Bugs Allow DoS, RCE, Spoofing & More

Eight different security vulnerabilities arising from inconsistencies among 16 different URL parsing libraries could allow denial-of-service DoS conditions, information leaks and remote code execution RCE in various web applications, researchers are warning. The bugs were found in third-party web...

7.6 CVSS | 7.9 AI score | 0.17067 EPSS
Exploits: 4 | References: 17
Jake Archibald's Blog
added 2021/04/30 1:0 a.m. | 235 views

Performance-testing the Google I/O site

I've been looking at the performance of F1 websites recently, but before I dig into the last couple of teams, I figured I'd look a little closer to home, and dig into the Google I/O website. 1. Part 1: Methodology & Alpha Tauri 2. Part 2: Alfa Romeo 3. Part 3: Red Bull 4. Part 4: Williams 5. Part...

6.7 AI score
Exploits: 0
The Hacker News
added 2019/08/23 7:35 a.m. | 94 views

Google Proposes 'Privacy Sandbox' to Develop Privacy-Focused Ads

Google today announced a new initiative—called Privacy Sandbox—in an attempt to develop a set of open standards that fundamentally enhances privacy on the web while continuing to support a free, open and democratic Internet through digital advertisements. A lot of websites on the Internet today,...

0.8 AI score
Exploits: 0
ThreatPost
added 2019/08/20 9:27 p.m. | 72 views

Microsoft Offers $30K Rewards For Chromium Edge Beta Flaws

Microsoft is calling on researchers to help sniff out any security glitches in the beta version of its new Chromium-based Edge browser before officially pushing it live. The tech company has been working to build a new version of Edge based on Google’s open-source Chromium code, as opposed to its...

7.9 AI score
Exploits: 0 | References: 10
Akamai Blog
added 2019/03/04 11:0 a.m. | 53 views

What's New in Web Performance? - March 2019

Organizations that do business on the web are at various stages in their digital transformation journey. Some are developing some of the most innovative and immersive digital experiences on the web, others are, for the first time, figuring out how to safely move applications to the cloud with...

0.1 AI score
Exploits: 0
Krebs on Security
added 2017/08/02 4:17 p.m. | 48 views

Flash Player is Dead, Long Live Flash Player!

Adobe last week detailed plans to retire its Flash Player software, a cross-platform browser plugin so powerful and so packed with security holes that it has become the favorite target of malware developers. To help eradicate this ubiquitous liability, Adobe is enlisting the help of Apple,...

6.9 AI score
Exploits: 0
Schneier on Security
added 2017/04/28 11:17 a.m. | 17 views

Stealing Browsing History Using Your Phone's Ambient Light Sensor

There has been a flurry of research into using the various sensors on your phone to steal data in surprising ways. Here's another: using the phone's ambient light sensor to detect what's on the screen. It's a proof of concept, but the paper's general conclusions are correct: There is a lesson her...

6.8 AI score
Exploits: 0
myhack58
added 2015/07/17 12:0 a.m. | 7 views

Firefox temporarily shield the Flash, to avoid the user was hacked-vulnerability warning-the black bar safety net

The Hacking Team breach has had a serious impact on Adobe. Information leaked from Hacking Team shows that Adobe Flash Player has two serious vulnerabilities. Because Adobe needs some time to fix these vulnerabilities, Mozilla decided for Firefox browser users...

1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

Tradingeye E-commerce Shopping Cart Multiple Vulnerabilities

No description provided by source. Exploit Title: Tradingeye Multiple Vulnerabilities Vendor: www.tradingeye.com Date: 12th july,2011 Author: $4d0//r007k17 a.k.a Raghavendra Karthik D http://www.shadowrootkit.wordpress.com Google Dork: Powered by Tradingeye. 2009 Tradingeye v6 demo BREIF...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 59 views

Roundcube Webmail 0.8.0 - Stored XSS

No description provided by source. !/usr/bin/python ''' Exploit Title: Roundcube Webmail Stored XSS. Date: 14/08/2012 Exploit Author: Shai rod @NightRang3r Vendor Homepage: http://roundcube.net Software Link:...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 19 views

SweetRice < 0.6.4 (fckeditor) Remote File Upload

No description provided by source. Title: SweetRice 0.6.4 fckeditor Remote File Upload Vendor: http://www.basic-cms.org Dork: Powered By Basic CMS SweetRice AUTHOR: ITSecTeam Email: [email protected] Website: http://www.itsecteam.com Forum : http://forum.ITSecTeam.com Original Advisory:...

7.1 AI score
Exploits: 0