86 matches found
CVE-2026-13876
CVE-2026-13876 involves an inappropriate implementation in the Network stack of Google Chrome before version 150.0.7871.47 . The issue allows an attacker with a privileged network position to bypass the page content Security Policy (CSP) through malicious network traffic. The connected documents ...
PT-2026-50557
Name of the Vulnerable Software and Affected Versions marimo versions prior to 0.23.9 Description A reflected cross-site scripting issue exists in the notebook page. Unauthenticated attackers can inject arbitrary JavaScript by exploiting improper escaping of single quotes in the file query...
SUSE CVE-2026-11292
Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11264
Policy bypass in Content Security Policy in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-11038
Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. Chromium security severity: Medium...
CVE-2026-11025
Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Medium...
Astra Linux – Vulnerability in Chromium
Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
GHSA-9C3J-XM6V-J7J3 MantisBT has a Content Security Policy bypass via attachments
Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's script-src directive by uploading a crafted attachment to any issue that, when accessed via the filedownload.php link, will be downloaded with a valid JavaScript MIME type resulting in...
RHEL 8 : webkit2gtk3 (RHSA-2026:10702)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:10702 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: Processing maliciously...
MiracleLinux 9 : firefox-128.5.1-1.el9_5.ML.1 (AXSA:2024-9493:42)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9493:42 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting
Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...
EUVD-2020-27595
Malware in sbrugna...
EUVD-2020-19482
Malware in sbrugna...
Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987442)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987442 advisory. XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox 141, Firefox ESR 128.13, Firefox ESR...
Linux Distros Unpatched Vulnerability : CVE-2025-9866
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Extensions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to bypass content security policy via a crafted HTM...
Outline 跨站脚本漏洞
Outline is an Outline open source knowledge base. A cross-site scripting vulnerability exists in Outline 0.83.0 and earlier versions that stems from a CSP bypass of the local file system storage function...
firefox: thunderbird: XSLT documents could bypass CSP
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: XSLT document loading incorrectly propagates the source document which bypassed its CSP...
SUSE CVE-2025-8032
XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...
Mozilla Thunderbird < 140.0
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 140.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-54 advisory. - Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of...