701 matches found
Soup Sieve has Memory Exhaustion via Large Comma-Separated Selector Lists
Summary The CSS selector parser in soupsieve the CSS selector engine for Beautiful Soup 4 allocates unbounded memory when compiling large comma-separated selector lists. An attacker who can supply a crafted CSS selector string to soupsieve.compile or Beautiful Soup's .select / .selectone can caus...
WeasyPrint has CSS Injection via Presentational Hints
Summary A CSS injection issue exists in WeasyPrint when HTML presentational hints are enabled. Unescaped attribute values are embedded into CSS, allowing injection of arbitrary CSS declarations. This affects applications processing untrusted HTML input. Details File: weasyprint/css/init.py The...
Chromium: CVE-2026-13839 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-14098 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-14145 Inappropriate implementation in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2026-14085 Side-channel information leakage in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
EUVD-2026-40832
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40835
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40700
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
EUVD-2026-40524
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-14148
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14145
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
DEBIAN-CVE-2026-14085
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14148
Type Confusion in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14148
CVE-2026-14148 : Type Confusion in CSS handling in Google Chrome before version 150.0.7871.47 allows a remote attacker to read potentially sensitive information from process memory via a crafted HTML page. The vulnerability is documented across multiple feeds (NVD/ENISA/CVE records) with a Chromi...
CVE-2026-14098
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14085
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14085
CVE-2026-14085: A side‑channel information leakage in CSS in Google Chrome (Chromium) before 150.0.7871.47 allows a remote attacker to leak cross-origin data via a crafted HTML page. Affected software: Google Chrome (CSS rendering path). Root cause: side‑channel exposure in CSS handling; impact i...
CVE-2026-14012
Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-14012
This CVE describes a side-channel information leakage in CSS within Google Chrome (Chromium) prior to version 150.0.7871.47. The vulnerability allows a remote attacker to exfiltrate potentially sensitive data from process memory via a crafted HTML page. The affected component is the CSS handling ...