CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

JLSEC-2026-581

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Medium: yelp

Issue Overview: A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help document can use a CSS stylesheet embedded in an SVG image to exfiltrate the contents of local files such as files under /proc to an external server witho...

EulerOS Virtualization 2.10.1 : libxslt (EulerOS-SA-2026-2029)

According to the versions of the libxslt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers an...

CVE-2026-6403

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

EUVD-2026-34749

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

CVE-2026-11162

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

CVE-2026-41148 Mermaid: Improper sanitization of `classDefs` in diagrams leads to CSS injection

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Versions 10.9.5 and prior, in addition to 11.0.0-alpha.1 through 11.12.0 are vulnerable to CSS injection through improper sanitization. The state diagram and any other diagram type that routes...

Snappy : SSRF and local file read via the xsl-style-sheet option

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

PT-2026-42615

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $ GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

GHSA-W4VJ-R5PG-3722 Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

CVE-2026-6403

The Quick Playground plugin for WordPress (up to version 1.3.3) is vulnerable to a Path Traversal flaw. The root cause is insufficient validation in the qckply_zip_theme() function, which directly appends a user-controlled 'stylesheet' parameter to the theme root directory path without sanitizing...

CVE-2026-6403

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

CVE-2026-6403 Quick Playground <= 1.3.3 - Unauthenticated Path Traversal to Arbitrary File Read via 'stylesheet' Parameter

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

org.webjars.npm:event-calendar__core (>=3.1.0 <=3.7.1), org.webjars.npm:event-calendar__day-grid (=3.6.2) +2 more potentially affected by CVE-2026-42573 via org.webjars.npm:svelte (>=3.20.1 <=4.2.19)

org.webjars.npm:svelte MAVEN version =3.20.1, =3.1.0, =3.1.0, =3.6.2 - org.webjars.npm:stylesheet-switcher =3.0.0 Source cves: CVE-2026-42573 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16697542...