Lucene search
K

4773 matches found

CVE
CVE
added 3 hours ago6 views

CVE-2026-13323

Open VSX Registry before 1.0.2 is affected by a vulnerability in the /vscode/unpkg/ endpoint that serves user-supplied HTML with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition header. An unauthenticated attacker can create a publisher account, upload a VSIX c...

4.1CVSS5.8AI score
Exploits0References2
EUVD
EUVD
added 3 hours ago3 views

EUVD-2026-40945

In Open VSX Registry before 1.0.2, the /vscode/unpkg/ endpoint serves user-supplied HTML files with Content-Type: text/html and without a Content-Security-Policy or Content-Disposition: attachment response header. An unauthenticated attacker can register a publisher account, upload a VSIX...

4.1CVSS5.8AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 11 hours ago3 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References3
EUVD
EUVD
added 14 hours ago3 views

EUVD-2026-40763

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score
Exploits0References3
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-40734

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

5.8AI score
Exploits0References3
EUVD
EUVD
added 14 hours ago3 views

EUVD-2026-40745

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score
Exploits0References3
EUVD
EUVD
added 14 hours ago2 views

EUVD-2026-40572

Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

5.8AI score
Exploits0References3
EUVD
EUVD
added 14 hours ago4 views

EUVD-2026-40562

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. Chromium security severity: Medium...

5.8AI score
Exploits0References3
NVD
NVD
added yesterday3 views

CVE-2026-14076

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-14058

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS
Exploits0References2
NVD
NVD
added yesterday3 views

CVE-2026-14047

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

4.3CVSS
Exploits0References2
NVD
NVD
added yesterday2 views

CVE-2026-13886

Insufficient policy enforcement in Isolated Web Apps in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

Exploits0References2
NVD
NVD
added yesterday4 views

CVE-2026-13876

Inappropriate implementation in Network in Google Chrome prior to 150.0.7871.47 allowed an attacker in a privileged network position to bypass content security policy via malicious network traffic. Chromium security severity: Medium...

Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-14076

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-14076

Insufficient policy enforcement in Network in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday11 views

CVE-2026-14058

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

Exploits0References2
CVE
CVE
added yesterday3 views

CVE-2026-14058

Insufficient policy enforcement in Parser in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score
Exploits0References2
CVE
CVE
added yesterday4 views

CVE-2026-14047

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

4.3CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added yesterday13 views

CVE-2026-14047

Insufficient policy enforcement in Extensions in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

Exploits0References2
CVE
CVE
added yesterday2 views

CVE-2026-13886

Google Chrome Isolated Web Apps are affected by CVE-2026-13886 due to insufficient policy enforcement, enabling a remote CSP bypass via a crafted HTML page in versions prior to 150.0.7871.47. The vulnerability, described as a CSP bypass with medium severity, could allow an attacker to bypass cont...

5.8AI score
Exploits0References2
Rows per page
Query Builder