Lucene search
K

784 matches found

Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.9 views

PT-2026-41965

Name of the Vulnerable Software and Affected Versions mailpit versions prior to v1.28.3 mailpit versions v1.28.3 and later Description An incomplete fix for a previous issue allows a Server-Side Request Forgery SSRF via the HTML Check API. While previous updates added size limits and content-type...

5.8CVSS5.8AI score0.00037EPSS
Exploits0References4
OSV
OSV
added 2026/05/18 2:23 p.m.7 views

JLSEC-2026-504

The parsing component in LibSass through 3.5.5 allows attackers to cause a denial-of-service uncontrolled recursion in Sass::Parser::parsecssvariablevalue in parser.cpp...

6.5CVSS6.9AI score0.02218EPSS
Exploits1References8
Redos
Redos
added 2026/05/15 12:0 a.m.9 views

ROS-20260515-73-0014

A vulnerability in the CSS component of the Google Chrome browser is related to memory usage after it has been freed. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code by sending a specially crafted HTML page...

8.8CVSS6.4AI score0.2202EPSS
Exploits12
Redos
Redos
added 2026/05/15 12:0 a.m.9 views

ROS-20260515-73-0024

A vulnerability in the CSS component of the Google Chrome and Microsoft Edge browsers is related to access control weaknesses. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS5.8AI score0.00258EPSS
Exploits0
NVD
NVD
added 2026/05/14 7:16 p.m.12 views

CVE-2026-27680

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

4.3CVSS0.00173EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/14 6:33 p.m.11 views

EUVD-2026-30363

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1CVSS5.8AI score0.00173EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.12 views

PT-2026-41014

Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server ABAP affected versions not specified Description Improper input handling under certain conditions allows an attacker to inject custom Cascading Style Sheets CSS data into a web page served by the application. T...

4.3CVSS5.4AI score0.00173EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/13 3:1 p.m.10 views

CVE-2026-44458 Hono: CSS Declaration Injection via Style Object Values in JSX SSR

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3CVSS5.9AI score0.00197EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/11 7:37 p.m.13 views

Mermaid: Improper sanitization of configuration leads to CSS injection

Impact Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration options. Live demo: mermaid.live Example code: %%init: "fontFamily": "x;ab :not&background:green !important cd"%% flowchart LR A --...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/09 12:0 a.m.14 views

PT-2026-39328

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description The JSX renderer escapes style attribute object values for HTML but not for CSS. When untrusted input is interpolated into a JSX style object and rendered server-side, characters that act as CSS...

4.3CVSS5.8AI score0.00197EPSS
Exploits0References170
RubySec
RubySec
added 2026/05/07 12:0 a.m.20 views

Improper Certificate Validation allows MITM injection of remote CSS content

Summary The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning any HTTPS certificate—even entirely untrusted—will...

5.8CVSS5.8AI score0.00146EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/06 6:12 p.m.36 views

CVE-2026-7938

Use after free in CSS in Google Chrome prior to 148.0.7778.96 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. Chromium security severity: Medium...

0.00267EPSS
Exploits0References2
OSV
OSV
added 2026/05/03 9:55 a.m.5 views

OESA-2026-2130 emacs security update

Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...

7.1CVSS5.8AI score0.00108EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/04/29 8:9 a.m.8 views

Emacs: emacs: memory corruption vulnerability when processing svg css

...

7.1CVSS5.8AI score0.00108EPSS
Exploits0
NVD
NVD
added 2026/04/24 3:16 a.m.5 views

CVE-2026-41305

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, in CSS...

6.1CVSS0.00205EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/22 9:25 p.m.6 views

Infinite loop

Overview justhtml is an A pure Python HTML5 parser that just works. Affected versions of this package are vulnerable to Infinite loop via custom sanitization policies or programmatic DOM manipulation. An attacker can inject and execute arbitrary scripts, cause resource loading, or trigger externa...

7.7CVSS5.8AI score
Exploits0References5
EUVD
EUVD
added 2026/04/22 3:31 p.m.10 views

EUVD-2026-24955

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

6.1CVSS5.7AI score0.00108EPSS
Exploits0References3
NVD
NVD
added 2026/04/22 2:17 p.m.6 views

CVE-2026-6861

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

7.1CVSS0.00108EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 1:39 p.m.13 views

CVE-2026-6861

A CVE-2026-6861 vulnerability affects GNU Emacs and relates to memory corruption when Emacs processes specially crafted SVG CSS data. A local attacker could entice a user to open a malicious SVG file, which may lead to a denial of service or information disclosure. Public references in the connec...

7.1CVSS5.7AI score0.00108EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:39 p.m.32 views

CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

6.1CVSS0.00108EPSS
Exploits0References2
Rows per page
Query Builder