779 matches found
CVE-2026-11076
Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46815
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CSS allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could exploit this vulnerability to leak cross-source data through...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could exploit this vulnerability to leak cross-source data through...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by type confusion in CSS. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially crafted HTML...
CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...
Mistune Image Directive CSS Injection Vulnerability
...
[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-5.fc44
The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...
CVE-2026-48846
In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...
DEBIAN-CVE-2026-48843
Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...
CVE-2026-48848
Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...
PT-2026-43128
Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...
Roundcube Webmail 跨站脚本漏洞
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...
CVE-2026-41148
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...
EUVD-2026-31515
Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...
Astra Linux – Vulnerability in Chromium
Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Firefox
By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could be applied, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox versions less than 87...
ROS-20260520-73-0040
A vulnerability in the CSS component of the Google Chrome browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...
ROS-20260520-73-0008
A vulnerability in the CSS component of the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...
PT-2026-41965
Name of the Vulnerable Software and Affected Versions mailpit versions prior to v1.28.3 mailpit versions v1.28.3 and later Description An incomplete fix for a previous issue allows a Server-Side Request Forgery SSRF via the HTML Check API. While previous updates added size limits and content-type...