Search CVE reports


Toggle filters

61 – 70 of 43937 results

Status is adjusted based on your filters.


CVE-2026-59889

Medium priority
Needs evaluation

jackson-databind contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. From 2.18.0 until 2.18.9, 2.21.5, 2.22.1, 3.1.5, and 3.2.1, UnwrappedPropertyHandler.processUnwrapped() replays...

1 affected package

jackson-databind

Package 22.04 LTS
jackson-databind Needs evaluation
Show less packages

CVE-2026-49978

Medium priority
Needs evaluation

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify IN_PLACE sanitization could skip shadow contents attached to an element inside <template>.content,...

2 affected packages

dompurify.js, node-dompurify

Package 22.04 LTS
dompurify.js Not in release
node-dompurify Needs evaluation
Show less packages

CVE-2026-49855

Medium priority
Needs evaluation

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, Tornado gzip decompression routines processed limited-size chunks but did not enforce an overall limit on accumulated decompressed chunks,...

1 affected package

python-tornado

Package 22.04 LTS
python-tornado Needs evaluation
Show less packages

CVE-2026-49854

Medium priority
Needs evaluation

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, the optional native extension tornado.speedups implemented websocket_mask without validating that the mask argument is exactly four bytes,...

1 affected package

python-tornado

Package 22.04 LTS
python-tornado Needs evaluation
Show less packages

CVE-2026-49853

Medium priority
Needs evaluation

Tornado is a Python web framework and asynchronous networking library. Prior to 6.5.6, SimpleAsyncHTTPClient shallow-copied redirected requests and removed only the Host header, leaving Authorization, auth_username, auth_password,...

1 affected package

python-tornado

Package 22.04 LTS
python-tornado Needs evaluation
Show less packages

CVE-2026-49477

Medium priority
Needs evaluation

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve contains a regular expression vulnerable to catastrophic backtracking when processing an...

1 affected package

soupsieve

Package 22.04 LTS
soupsieve Needs evaluation
Show less packages

CVE-2026-49476

Medium priority
Needs evaluation

Soup Sieve is a CSS selector library designed to be used with Beautiful Soup 4. Prior to 2.8.4, the CSS selector parser in soupsieve allocates unbounded memory when compiling large comma-separated selector lists, allowing an...

1 affected package

soupsieve

Package 22.04 LTS
soupsieve Needs evaluation
Show less packages

CVE-2026-49459

Medium priority
Needs evaluation

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(root, { IN_PLACE: true }) could preserve event-handler attributes on an attacker-controlled <form> root when a...

2 affected packages

dompurify.js, node-dompurify

Package 22.04 LTS
dompurify.js Not in release
node-dompurify Needs evaluation
Show less packages

CVE-2026-49458

Medium priority
Needs evaluation

DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitize(node, { IN_PLACE: true }) accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm...

2 affected packages

dompurify.js, node-dompurify

Package 22.04 LTS
dompurify.js Not in release
node-dompurify Needs evaluation
Show less packages

CVE-2026-48801

Medium priority
Needs evaluation

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.1, LinkifyIt.prototype.match, the package's primary public API, has O(N²) algorithmic complexity for inputs containing many fuzzy links or emails...

1 affected package

node-markdown-it

Package 22.04 LTS
node-markdown-it Needs evaluation
Show less packages