Lucene search
+L

701 matches found

Github Security Blog
Github Security Blog
added 2026/07/09 1:37 p.m.7 views

Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists

Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...

7.5CVSS6AI score0.00601EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/07/06 5:29 p.m.9 views

WeasyPrint has CSS Injection via Presentational Hints

Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...

6AI score
Exploits0References2Affected Software1
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.5 views

Chromium: CVE-2026-13839 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.9AI score0.00218EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.6 views

Chromium: CVE-2026-14098 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.9AI score0.00229EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.9 views

Chromium: CVE-2026-14145 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.1CVSS5.9AI score0.00154EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/07/03 2:0 p.m.7 views

Chromium: CVE-2026-14085 Side-channel information leakage in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.9AI score0.00247EPSS
Exploits0
EUVD
EUVD
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40832

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6AI score0.00154EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.5 views

EUVD-2026-40835

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00221EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40700

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 12:34 a.m.8 views

EUVD-2026-40524

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...

5.8AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/06/30 11:17 p.m.6 views

CVE-2026-14148

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00221EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 11:17 p.m.5 views

CVE-2026-14145

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

6.1CVSS0.00154EPSS
Exploits0References2
OSV
OSV
added 2026/06/30 11:17 p.m.5 views

DEBIAN-CVE-2026-14085

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.26 views

CVE-2026-14148

Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...

0.00221EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.24 views

CVE-2026-14148

CVE-2026-14148 : Type Confusion in CSS handling in Google Chrome before version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. The vulnerability is documented across multiple feeds (NVD/ENISA/CVE records) with a Chromi...

6.5CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.28 views

CVE-2026-14098

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00229EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:39 p.m.21 views

CVE-2026-14085

CVE-2026-14085: A side‑channel information leakage in CSS in Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software: Google Chrome (CSS rendering path). Root cause: side‑channel exposure in CSS handling; impact i...

6.5CVSS5.8AI score0.00247EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 10:39 p.m.29 views

CVE-2026-14085

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 10:38 p.m.29 views

CVE-2026-14012

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

0.00205EPSS
Exploits0References2
CVE
CVE
added 2026/06/30 10:38 p.m.151 views

CVE-2026-14012

This CVE describes a side-channel information leakage in CSS within Google Chrome (Chromium) prior to version 150.0.7871.47. The vulnerability allows a remote attacker to exfiltrate potentially sensitive data from process memory via a crafted HTML page. The affected component is the CSS handling ...

5.3CVSS5.8AI score0.00205EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder