VYPR

Lexbor

by Lexbor

Source repositories

CVEs (2)

  • CVE-2026-29079Mar 13, 2026
    risk 0.00cvss epss 0.00

    Lexbor is a web browser engine library. Prior to 2.7.0, a type‑confusion vulnerability exists in Lexbor’s HTML fragment parser. When ns = UNDEF, a comment is created using the “unknown element” constructor. The comment’s data are written into the element’s fields via…

  • CVE-2026-29078Mar 13, 2026
    risk 0.00cvss epss 0.00

    Lexbor is a web browser engine library. Prior to 2.7.0, the ISO‑2022‑JP encoder in Lexbor fails to reset the temporary size variable between iterations. The statement ctx->buffer_used -= size with a stale size = 3 causes an integer underflow that wraps to SIZE_MAX.…