Lucene search
+L

779 matches found

Cvelist
Cvelist
added 2026/06/04 11:4 p.m.37 views

CVE-2026-11076

Type Confusion in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

0.00312EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-46815

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description Insufficient policy enforcement in CSS allows a remote attacker to leak cross-origin data by using a crafted HTML page. Recommendations Update to version 149.0.7827.53 or later...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References439
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.12 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could exploit this vulnerability to leak cross-source data through...

4.3CVSS5.4AI score0.00187EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could exploit this vulnerability to leak cross-source data through...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability caused by type confusion in CSS. This vulnerability could allow remote attackers to execute arbitrary code within a sandbox through a specially crafted HTML...

8.8CVSS6.1AI score0.00312EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/29 1:53 p.m.39 views

CVE-2026-41159 Mermaid: Improper sanitization of configuration leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS0.00398EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/05/28 8:6 a.m.14 views

Mistune Image Directive CSS Injection Vulnerability

...

6.1CVSS5.8AI score0.00228EPSS
Exploits1
Fedora
Fedora
added 2026/05/28 1:13 a.m.15 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-5.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2CVSS5.8AI score0.04261EPSS
Exploits3
NVD
NVD
added 2026/05/25 8:16 p.m.14 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS0.00405EPSS
Exploits0References5
OSV
OSV
added 2026/05/25 8:16 p.m.8 views

DEBIAN-CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00268EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/25 8:16 p.m.10 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS5.8AI score0.00388EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.13 views

PT-2026-43128

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...

6.5CVSS5.8AI score0.0014EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.13 views

Roundcube Webmail 跨站脚本漏洞

Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source, which supports address book management, message searching, spell checking and more. A cross-site scripting vulnerability exists in Roundcube Webmail versions prior to 1.6.16 and prior to 1.7, which stems from...

7.2CVSS5.6AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 2026/05/22 11:16 p.m.22 views

CVE-2026-41148

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS0.00338EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/22 10:3 p.m.9 views

EUVD-2026-31515

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

5.3CVSS5.7AI score0.00338EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Chromium

Type confusion in CSS in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

8.8CVSS7.3AI score0.00549EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Firefox

By causing a transition on a parent node by removing a CSS rule, an invalid property for a marker could be applied, leading to memory corruption and potentially exploitable crashes. This vulnerability affects Firefox versions less than 87...

6.5CVSS7.2AI score0.00736EPSS
Exploits0References1
Redos
Redos
added 2026/05/20 12:0 a.m.11 views

ROS-20260520-73-0040

A vulnerability in the CSS component of the Google Chrome browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code using a specially crafted HTML page...

6.3CVSS6.1AI score0.00291EPSS
Exploits0
Redos
Redos
added 2026/05/20 12:0 a.m.9 views

ROS-20260520-73-0008

A vulnerability in the CSS component of the Google Chrome browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS6AI score0.00271EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.12 views

PT-2026-41965

Name of the Vulnerable Software and Affected Versions mailpit versions prior to v1.28.3 mailpit versions v1.28.3 and later Description An incomplete fix for a previous issue allows a Server-Side Request Forgery SSRF via the HTML Check API. While previous updates added size limits and content-type...

5.8CVSS5.8AI score0.00037EPSS
Exploits0References4
Rows per page
Query Builder