Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
cure53 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2019-25155
DOMPurify prior to 1.0.11 allows reverse tabnabbing in demos/hooks-target-blank-demo.html because links lack a 'rel="noopener noreferrer"' attribute.
Cure53 Dompurify
NA
CVE-2023-41896
Home assistant is an open source home automation. Whilst auditing the frontend code to identify hidden parameters, Cure53 detected `auth_callback=1`, which is leveraged by the WebSocket authentication logic in tandem with the `state` parameter. The state parameter contains the `h...
Home-assistant Home-assistant-js-websocket
Home-assistant Home-assistant
4.3
CVSSv2
CVE-2020-26870
Cure53 DOMPurify prior to 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
Cure53 Dompurify
Debian Debian Linux 9.0
Microsoft Visual Studio 2017 15.9
Microsoft Visual Studio 2019 16.0
Microsoft Visual Studio 2019 16.4
Microsoft Visual Studio 2019 16.8
Microsoft Visual Studio 2019 16.7
Oracle Application Express
4
CVSSv2
CVE-2019-19026
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows SQL Injection via project quotas in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
6.5
CVSSv2
CVE-2019-19029
Cloud Native Computing Foundation Harbor before 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform.
Linuxfoundation Harbor
Pivotal Vmware Harbor Registry -
4.3
CVSSv2
CVE-2019-16728
DOMPurify prior to 2.0.1 allows XSS because of innerHTML mutation XSS (mXSS) for an SVG element or a MATH element, as demonstrated by Chrome and Safari.
Cure53 Dompurify
Debian Debian Linux 9.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started