CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в firefox

By using 3D CSS in conjunction with JavaScript, content could be rendered outside the webpage’s viewport. This led to a spoofing attack that could be used for phishing or other attacks against users. This vulnerability affects Firefox versions earlier than 88...

6.5CVSS6.8AI score0.00186EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•6 views

Astra Linux - уязвимость в firefox, thunderbird

Applying a CSS filter effect could have access to out-of-bound memory. This could lead to a heap-buffer-overflow, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

8.8CVSS7.8AI score0.00445EPSS

Exploits1References1

AstraLinux•added 2026/05/20 5:53 a.m.•0 views

Astra Linux - уязвимость в firefox, thunderbird

An attacker could have injected CSS into stylesheets that are accessible via internal URIs, such as resource:, thereby bypassing a page’s Content Security Policy. This vulnerability affects Firefox ESR 91.11, Thunderbird 102, Thunderbird 91.11, and Firefox 101...

6.5CVSS6.7AI score0.00065EPSS

5.5CVSS5.6AI score0.0001EPSS

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: sshcss: Fixed a null pointer dereference in loadvideobinaries. The allocation failure of mycs-yuvscalerbinary in loadvideobinaries is followed by a dereference of mycs-yuvscalerbinary after the following call chai...

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в firefox, thunderbird

Firefox behaved slightly differently for already-known resources when loading CSS resources that involved CSS variables. This could have been used to probe the browser history. This vulnerability affects Thunderbird 91.9, Firefox ESR 91.9, and Firefox 100...

6.5CVSS7AI score0.00244EPSS

Exploits1References1

8.8CVSS7.2AI score0.00256EPSS

Astra Linux - уязвимость в chromium

The use of “after free” in CSS in Google Chrome before version 127.0.6533.72 allowed a remote attacker who convinced a user to perform certain UI gestures to potentially exploit heap corruption through a crafted HTML page. Chromium security severity: Medium...

6.1CVSS7.1AI score0.00178EPSS

Astra Linux - уязвимость в firefox, thunderbird

If a custom mouse cursor is specified in CSS, under certain circumstances the cursor might be drawn over the browser UI, potentially causing confusion for users or leading to spoofing attacks. This vulnerability affects Firefox ESR 102.5, Thunderbird 102.5, and Firefox 107...

7.3CVSS6.7AI score0.00077EPSS

Astra Linux - уязвимость в golang-1.19

Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates that contain multiple actions separated by a '/' character may cause the CSS context to close unexpectedly, allowing for the injection of unexpected HTML, if executed with untrusted input...

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в libcroco

The crparserparseselectorcore function in cr-parser.c within libcroco 0.6.12 allows remote attackers to cause a denial of service infinite loop and CPU consumption through a crafted CSS file...

7.1CVSS6.7AI score0.0172EPSS

Exploits4References2

Redos•added 2026/05/20 12:0 a.m.•10 views

ROS-20260520-73-0032

A vulnerability in the CSS component of the Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8CVSS7.6AI score0.00037EPSS

Exploits0

Github Security Blog•added 2026/05/19 3:53 p.m.•6 views

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary The screenshot/print proxy /proxy?data=… maintains a package-level assets mapstringMessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9AI score

Exploits0References3Affected Software1

Positive Technologies•added 2026/05/19 12:0 a.m.•6 views

PT-2026-41967

5.9CVSS5.9AI score

Exploits0References4

vulnersOsv•added 2026/05/19 12:0 a.m.•4 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-layout-api (=1.0.38)

@antv/g-css-layout-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-layout-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.33...

vulnersOsv•added 2026/05/19 12:0 a.m.•4 views

Exploits0

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-typed-om-api (=1.0.38)

@antv/g-css-typed-om-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-typed-om-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.3...

OSV•added 2026/05/16 8:25 p.m.•4 views

Exploits0

MAL-2026-3808 Malicious code in @citi-icg-158830/icgds-react-css (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...

OSSF Malicious Packages•added 2026/05/16 8:25 p.m.•4 views

Malicious code in @citi-icg-158830/icgds-react-css (npm)