CVE-2026-11267

Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension. Chromium security severity: Low...

CVE-2026-11260

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

PT-2026-46787

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...

Astra Linux - уязвимость в chromium

Insufficient policy enforcement in the Content Security Policy of Google Chrome prior to version 91.0.4472.77 allowed a remote attacker to bypass the content security policy through a crafted HTML page...

ALSA-2026:18479 Important: qemu-kvm security update

Kernel-based Virtual Machine KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Security Fixes: firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shi...

CVE-2025-59854

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

Astra Linux – Vulnerability in Firefox

Because Firefox did not implement the unsafe-hashes CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy might have been able to inject executable scripts. This would be severely restricted by the specified Content Security Policy o...

Astra Linux – Vulnerability in Rails

An XSS vulnerability exists in Action Pack versions = 5.2.0 and 5.2.0, which could allow an attacker to bypass the Content Security Policy and generate non-HTML responses...

CVE-2026-40568

Summary (CVE-2026-40568) : FreeScout prior to version 1.8.213 contains a stored XSS in the mailbox signature due to incomplete HTML sanitization in Helper::stripDangerousTags(). The sanitizer blocks only four tags (script, form, iframe, object) and misses event-handler attributes, allowing HTML e...

MiracleLinux 8 : firefox-128.5.1-1.el8_10.ML.1 (AXSA:2024-9056:38)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9056:38 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

MiracleLinux 7 : firefox-91.11.0-2.0.1.el7.AXS7 (AXSA:2022-3440:15)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2022-3440:15 advisory. Mozilla: CSP sandbox header without allow-scripts can be bypassed via retargeted javascript: URI CVE-2022-34468 Mozilla: Use-after-free in nsSHistor...

MiracleLinux 7 : firefox-128.5.1-1.0.1.el7.AXS7 (AXSA:2024-9409:41)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9409:41 advisory. firefox: thunderbird: CSP Bypass and XSS Exposure via Web Compatibility Shims CVE-2024-11694 firefox: thunderbird: Unhandled Exception in Add-on...

MiracleLinux 9 : thunderbird-128.5.0-1.el9_5.ML.1 (AXSA:2024-9440:30)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9440:30 advisory. thunderbird: Potential disclosure of plaintext in OpenPGP encrypted message CVE-2024-11159 firefox: thunderbird: CSP Bypass and XSS Exposure via Web...

Nextcloud Server XSS Vulnerability (GHSA-qcw2-p26m-9gc5)

Nextcloud Server is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVE-2025-66512

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server and Server Enterprise prior to 31.0.12 and 32.0.3, a missing sanitization allowed malicious users to circumvent the content security policy when a malicious user manages to trick a user it viewing an uploaded SVG outside...

GHSA-VV2V-PW69-8CRF Directus is Vulnerable to Stored Cross-site Scripting

Summary A stored cross-site scripting XSS vulnerability exists that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface. Attackers can bypass Content Security Policy CSP restrictions by combining file uploads with iframe srcdo...

CVE-2025-64747 Directus Vulnerable to Stored Cross-site Scripting

Directus is a real-time API and App dashboard for managing SQL database content. A stored cross-site scripting XSS vulnerability exists in versions prior to 11.13.0 that allows users with upload files and edit item permissions to inject malicious JavaScript through the Block Editor interface...

Astra Linux – Vulnerability in Firefox, Thunderbird

The XSLT document loading failed to properly propagate the source document, which bypassed its CSP. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

AlmaLinux 10 : firefox (ALSA-2025:11797)

The remote AlmaLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:11797 advisory. firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefo...

EUVD-2018-16960

Malware in sbrugna...