32 matches found
EUVD-2026-40834
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40785
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40525
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-14147
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14145
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...
CVE-2026-14145
CVE-2026-14145 corresponds to an UXSS issue in Google Chrome caused by an inappropriate CSS implementation, permitting a remote attacker to inject arbitrary scripts/HTML via a crafted HTML page. Affected software is Chrome (pre-150.0.7871.47). The underlying impact is confined to user-level data ...
CVE-2026-13836
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: High...
CVE-2026-13837
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2026-11155
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...
CVE-2026-11186
Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46683
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in CSS allows a remote attacker to leak cross-origin data, which is information from a different domain than the one serving the page, by using a crafted...
PT-2026-46713
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is the ability to execute scripts across different origins, by usin...
USN-8223-1: Roundcube Webmail vulnerabilities
It was discovered that Roundcube Webmail mishandled Punycode xn-- domain names. An attacker could possibly use this issue to cause a homograph attack. CVE-2019-15237 It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...
EUVD-2026-9489
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2010-2264
The Cascading Style Sheets CSS implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages...
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read (MS16-104)
Microsoft Internet Explorer 11109 - MSHTML PROPERTYDESC::HandleStyleComponentProperty Out-of-Bounds Read MS16-104 // This PoC attempts to exploit a memory disclosure bug in Microsoft Internet // Explorer 11. On x64 systems, this should cause an access violation when // run with page-heap...
Mozilla Thunderbird SVG Content and CSS Handling Buffer Overflow Vulnerability
Mozilla Thunderbird is a mail tool adapted from the mail widget of the Mozilla browser. A buffer overflow vulnerability exists in Mozilla Thunderbird's handling of SVG content and CSS, which allows remote attackers to exploit the vulnerability by submitting a specially crafted HTML message that c...
Google Chrome < 14.0.835.163 Multiple Vulnerabilities
Binary data 800955.prm...
CVE-2011-2347
Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets CSS token sequences, which allows remote attackers to cause a denial of service memory corruption or possibly have unspecified other impact via unknown vectors...
CVE-2011-1294
Google Chrome before 10.0.648.204 does not properly handle Cascading Style Sheets CSS token sequences, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."...