122 matches found

SUSE CVE
added 2026/05/16 1:11 a.m. | 3 views

SUSE CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

NVD
added 2026/05/14 5:16 p.m. | 8 views

CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

OSV
added 2026/05/14 5:16 p.m. | 1 views

UBUNTU-CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 6

UbuntuCve
added 2026/05/14 5:16 p.m. | 3 views

CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 5

Cvelist
added 2026/05/14 4:15 p.m. | 32 views

CVE-2026-44312 css_parser allows to MITM included https css urls

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

Debian CVE
added 2026/05/14 4:15 p.m. | 7 views

CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0

Vulnrichment
added 2026/05/14 4:15 p.m. | 3 views

CVE-2026-44312 css_parser allows to MITM included https css urls

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

EUVD
added 2026/05/14 4:15 p.m. | 7 views

EUVD-2026-30330

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 4

ATTACKERKB
added 2026/05/14 4:15 p.m. | 7 views

CVE-2026-44312

css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 5 | Affected Software: 1

CNNVD
added 2026/05/14 12:0 a.m. | 5 views

Ruby CSS Parser Trust Management Issue Vulnerability

Ruby CSS Parser is an open-source tool developed by premailer, used for loading, parsing, and cascading CSS rule sets. Versions of Ruby CSS Parser prior to 2.1.0 and 1.22.0 had a trust management vulnerability. This vulnerability stemmed from unvalidated HTTPS connections, where connections were...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

Tenable Nessus
added 2026/05/14 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-44312

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - css_parser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

Snyk
added 2026/05/07 2:6 a.m. | 6 views

Unsafe Dependency Resolution

Overview: Affected versions of this package are vulnerable to Unsafe Dependency Resolution due to improper validation of HTTPS certificates in the parser process. An attacker can inject or modify remote CSS content by performing a man-in-the-middle attack during stylesheet loading over HTTPS...

CVSS 6.9 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 3

Github Security Blog
added 2026/05/07 2:6 a.m. | 9 views

CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content

Summary: The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning any HTTPS certificate—even entirely untrusted—will...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2026/05/07 2:6 a.m. | 2 views

GHSA-FF6C-W6QF-7XQC CSS Parser: Improper Certificate Validation allows MITM injection of remote CSS content

Summary: The CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning any HTTPS certificate—even entirely untrusted—will...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 6

Positive Technologies
added 2026/05/07 12:0 a.m. | 6 views

PT-2026-38404

Name of the Vulnerable Software and Affected Versions: css parser versions prior to 1.22.0; css parser versions prior to 2.1.0. Description: The software fails to validate HTTPS connections when loading stylesheets, which allows a Man-in-the-Middle (MITM) attacker to inject or modify CSS content. This...

CVSS 5.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 7

GithubExploit
added 2025/12/06 9:33 a.m. | 123 views

Exploit for Code Injection in Sabberworm Php_Css_Parser

CVE-2020-13756 Vulnerable Environment Vulnerable test environ...

CVSS 9.8 | AI score 7.3 | EPSS 0.27848
Exploits: 4

Debian
added 2025/10/14 4:52 p.m. | 5 views

[SECURITY] [DLA 4333-1] php-horde-css-parser security update

Debian LTS Advisory DLA-4333-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson October 14, 2025 https://wiki.debian.org/LTS Package : php-horde-css-parser Version : 1.0.11-8+deb11u1 CVE ID : CVE-2020-13756 Debian Bug : Sabberworm PHP CSS Parser before 8.3.1 cal...

CVSS 9.8 | AI score 7.7 | EPSS 0.27848
Exploits: 4

Tenable Nessus
added 2025/10/14 12:0 a.m. | 3 views

Debian dla-4333 : php-horde-css-parser - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4333 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4333-1 [email protected] https://www.debian.org/lts/security/...

CVSS 9.8 | AI score 8.9 | EPSS 0.27848
Exploits: 4 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2012-4441

Malware in sbrugna...

CVSS 8.8 | AI score 8.6 | EPSS 0.09978
Exploits: 6 | References: 17

Tenable Nessus
added 2025/08/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-13756

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data, possibly leading to remote code execution if the function allSelectors or...

CVSS 9.8 | AI score 8.4 | EPSS 0.27848
Exploits: 4 | References: 2