Lucene search
K

86 matches found

CVE
CVE
added 2026/06/30 10:38 p.m.14 views

CVE-2026-13876

CVE-2026-13876 involves an inappropriate implementation in the Network stack of Google Chrome before version 150.0.7871.47 . The issue allows an attacker with a privileged network position to bypass the page content Security Policy (CSP) through malicious network traffic. The connected documents ...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50557

Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...

6.1CVSS5.1AI score0.00239EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/06/07 4:39 a.m.9 views

SUSE CVE-2026-11292

Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00186EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.9 views

CVE-2026-11264

Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00182EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/04 11:4 p.m.34 views

CVE-2026-11038

Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...

0.00193EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/04 11:4 p.m.7 views

CVE-2026-11025

Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...

5.5AI score0.0028EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

6.5CVSS6.7AI score0.00491EPSS
Exploits1References1
OSV
OSV
added 2026/05/11 7:34 p.m.12 views

GHSA-9C3J-XM6V-J7J3 MantisBT has a Content Security Policy bypass via attachments

Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the filedownload.php link, will be downloaded with a valid JavaScript MIME type resulting in...

7.6CVSS5.8AI score0.00498EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/27 12:0 a.m.5 views

RHEL 8 : webkit2gtk3 (RHSA-2026:10702)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10702 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...

8.8CVSS5.2AI score0.00961EPSS
Exploits2References38
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.7 views

MiracleLinux 9 : firefox-128.5.1-1.el9_5.ML.1 (AXSA:2024-9493:42)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9493:42 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

8.8CVSS8.3AI score0.00762EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/11/13 9:13 p.m.8 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS0.00215EPSS
Exploits1References2
OSV
OSV
added 2025/11/13 9:13 p.m.4 views

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

5.5CVSS5.9AI score0.00215EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-27595

Malware in sbrugna...

6.5CVSS7.1AI score0.01899EPSS
Exploits0References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-19482

Malware in sbrugna...

6.1CVSS7.8AI score0.01307EPSS
Exploits0References24
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987442)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987442 advisory. XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR...

8.1CVSS8.1AI score0.00305EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2025/09/06 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2025-9866

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTM...

8.8CVSS5.5AI score0.00353EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/03 12:0 a.m.3 views

Outline 跨站脚本漏洞

Outline is an Outline open source knowledge base. A cross-site scripting vulnerability exists in Outline 0.83.0 and earlier versions that stems from a CSP bypass of the local file system storage function...

6.8CVSS5.9AI score0.00353EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/08/11 5:31 p.m.4 views

firefox: thunderbird: XSLT documents could bypass CSP

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...

8.1CVSS7.3AI score0.00305EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2025/07/23 11:25 p.m.3 views

SUSE CVE-2025-8032

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

6.3CVSS7.2AI score0.00305EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2025/07/02 12:0 a.m.4 views

Mozilla Thunderbird < 140.0

The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of...

9.8CVSS7.1AI score0.03057EPSS
Exploits0References12
Rows per page
Query Builder