Lucene search
K

1472 matches found

Cvelist
Cvelist
added 2026/06/29 9:20 a.m.50 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.0012EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/25 5:47 p.m.6 views

EUVD-2026-39509

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code...

8.4CVSS6AI score0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:47 p.m.13 views

CVE-2026-12897

Horner Automation Cscape shows an Out-of-Bounds Read vulnerability in versions prior to 10.2 SP3, caused by parsing CSP files. The issue can lead to information disclosure and arbitrary code execution. Affected product: Horner Automation Cscape. Root cause: improper handling during CSP file parsi...

8.4CVSS6AI score0.00134EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 5:47 p.m.21 views

CVE-2026-12897 Out-of-bounds read in Horner Automation Cscape

Horner Automation Cscape versions prior to 10.2 SP3 are vulnerable to an Out-of-Bounds Read vulnerability through parsing CSP files. Successful exploitation of this vulnerability could allow an attacker to disclose information and execute arbitrary code...

8.4CVSS0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.14 views

PT-2026-52534

Name of the Vulnerable Software and Affected Versions Horner Automation Cscape versions prior to 10.2 SP3 Description An Out-of-Bounds Read occurs during the parsing of CSP files. This issue allows an attacker to disclose sensitive information and execute arbitrary code. Recommendations Update...

8.4CVSS5.9AI score0.00134EPSS
Exploits0References4
CVE
CVE
added 2026/06/22 7:56 p.m.31 views

CVE-2026-44727

Jupyter Server (prior to 2.20) is affected by a stored XSS in the nbconvert HTML export path. The nbconvert HTTP handlers NbconvertFileHandler and NbconvertPostHandler render notebook HTML under the Jupyter origin without a sandbox directive in Content-Security-Policy, and NbconvertHTMLExporter’s...

9.3CVSS5.9AI score0.00227EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

RHEL 7 : webkitgtk4 (RHSA-2026:27728)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27728 advisory. WebKitGTK+ is port of the WebKit portable web rendering engine to the GTK+ platform. These packages provide WebKitGTK+ for GTK+ 3. Security...

8.8CVSS6.8AI score0.00693EPSS
Exploits0References34
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.15 views

Linux Distros Unpatched Vulnerability : CVE-2026-11025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via...

6.5CVSS5.5AI score0.0028EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/04 11:6 p.m.43 views

CVE-2026-11267

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

0.00139EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.10 views

CVE-2026-11260

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.5AI score0.00182EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/04 12:14 p.m.7 views

CVE-2025-59874

HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable...

8.1CVSS5.7AI score0.00268EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.14 views

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00182EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-44581

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Next.js is a React framework for building full-stack web applications. From 13.4.0 to before 15.5.16 and 16.2.5, App Router applications that rely on CSP nonces...

4.7CVSS5.8AI score0.00222EPSS
Exploits1References2
EUVD
EUVD
added 2026/06/01 3:32 a.m.14 views

EUVD-2026-33548

An improper neutralization of active SVG content in OTRS or OTRS Community Edition ticket article rendering allows attackers to inject specially crafted SVG payloads via email content, leading to browser-side resource exhaustion and denial of service when affected tickets are opened by an agent o...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/29 8:13 a.m.20 views

CVE-2026-9137

The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...

7.5CVSS5.7AI score0.00365EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/20 6:43 p.m.13 views

EUVD-2026-31155

The CSP report endpoint intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource exhaustion...

5.1CVSS5.7AI score0.00365EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Thunderbird, Firefox

A poorly handled security check during the creation of a WebSocket in a WebWorker caused the Content Security Policy’s connect-src header to be ignored. This could lead to connections being made to restricted origins from within WebWorkers. This vulnerability affects Firefox 109, Firefox ESR 102....

6.5CVSS6.7AI score0.00601EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Firefox and Thunderbird

Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restrictions by embedding additional content. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

6.1CVSS6.5AI score0.01352EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

6.1CVSS5.7AI score0.01594EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Firefox

Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...

8.8CVSS7.8AI score0.00697EPSS
Exploits0References2
Rows per page
Query Builder