CVE-2026-3846

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

CVE-2026-3846 Same-origin policy bypass in the CSS Parsing and Computation component

Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...

SUSE CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...

Firefox -- Same-origin policy bypass

https://bugzilla.mozilla.org/showbug.cgi?id=2018400 reports: Same-origin policy bypass in the CSS Parsing and Computation component...

PT-2026-24212

Name of the Vulnerable Software and Affected Versions Firefox versions prior to 148.0.2 Description A bypass of the same-origin policy exists in the CSS Parsing and Computation component. This allows potentially malicious actors to circumvent security restrictions designed to isolate web pages fr...

RenderBlocking 跨站脚本漏洞

RenderBlocking is a media wiki extension developed by Peter Li, designed to prevent page style changes from occurring intermittently. Versions of RenderBlocking prior to 0.1.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderblocking-css in the Inline Asse...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2026:0078-1 Rating: important References: 1259213 Cross-References: CVE-2026-3536 CVE-2026-3537 CVE-2026-3538 CVE-2026-3539 CVE-2026-3540 CVE-2026-3541 CVE-2026-3542 CVE-2026-3543 CVE-2026-3544 CVE-2026-3545...

Fedora 43 : cef (2026-b5f8adc627)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5f8adc627 advisory. Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 rhbz2437035 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue i...

OPENSUSE-SU-2026:20332-1 Security update for chromium

This update for chromium fixes the following issues: Changes in chromium: - Chromium 145.0.7632.159 boo1259213 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue in PowerVR CVE-2026-3538: Integer overflow in Skia CVE-2026-3539: Object lifecycle issue in DevTools...

Chromium: CVE-2026-3541 Inappropriate implementation in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Fedora 44 : cef (2026-9834b25fc2)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-9834b25fc2 advisory. Bump to cef-145.0.28+g51162e8 + chromium 145.0.7632.159 rhbz2437035 CVE-2026-3536: Integer overflow in ANGLE CVE-2026-3537: Object lifecycle issue i...

Fedora 44 : cef (2026-376794abc1)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-376794abc1 advisory. Update to cef-145.0.25 + chromium 145.0.7632.75 CVE-2026-1861: Heap buffer overflow in libvpx CVE-2026-1862: Type Confusion in V8 CVE-2026-2313: Use...

Microsoft Edge (Chromium) < 145.0.3800.97 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 145.0.3800.97. It is, therefore, affected by multiple vulnerabilities as referenced in the March 6, 2026 advisory. - Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to...

openSUSE 16 Security Update : roundcubemail (openSUSE-SU-2026:20323-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20323-1 advisory. Changes to roundcubemail: Update to 1.6.13: This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to...

CVE-2026-3541

An inappropriate implementation flaw was found in the CSS component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=484811719...

CVE-2025-68467

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

KLA90909 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: 1. Integer overflow vulnerability in ANGLE can be exploited to cause execute arbitrary code...

Security update for roundcubemail (important)

openSUSE security update: security update for roundcubemail ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20323-1 Rating: important References: bsc1255306 bsc1255308 bsc1257909 bsc1258052 Cross-References: CVE-2025-68460 CVE-2025-68461...

CVE-2026-2593 Greenshift – animation and page builder blocks <= 12.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gspbpostcss post meta value and the dynamicAttributes block attribute in all versions up to, and including, 12.8.5 due to insufficient input sanitization and output escapin...

CVE-2026-28348

lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...