
5705 matches found

CVE
added 2026/03/04 7:24 p.m., 17 views

CVE-2026-3541

CVE-2026-3541 affects Google Chrome (Chromium) prior to version 145.0.7632.159, where an inappropriate CSS implementation could allow a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. The vulnerability is described as high severity. Remediation is to update to Chr...

8.8 CVSS, 6 AI score, 0.00098 EPSS
Exploits 0, References 2, Affected Software 1

Cvelist
added 2026/03/04 7:24 p.m., 23 views

CVE-2026-3541

Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. Chromium security severity: High...

0.00098 EPSS
Exploits 0, References 2

EUVD
added 2026/03/04 6:31 p.m., 3 views

EUVD-2026-9433

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 6 AI score, 0.00042 EPSS
Exploits 0, References 2

OSV
added 2026/03/04 6:16 p.m., 2 views

DEBIAN-CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 5.4 AI score, 0.00042 EPSS
Exploits 0, References 1

OSV
added 2026/03/04 6:16 p.m., 2 views

UBUNTU-CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 4

UbuntuCve
added 2026/03/04 6:16 p.m., 3 views

CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0, References 3

AlpineLinux
added 2026/03/04 5:17 p.m., 6 views

CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 5.8 AI score, 0.00042 EPSS
Exploits 0

ATTACKERKB
added 2026/03/04 5:17 p.m., 3 views

CVE-2026-20031

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 6 AI score, 0.00042 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2026/03/04 5:17 p.m., 60 views

CVE-2026-20031

The CVE-2026-20031 entry describes a vulnerability in the HTML CSS module of ClamAV where improper handling of UTF-8 strings during HTML scanning can cause the scanner to terminate (DoS). Attack requires no authentication and can be triggered by submitting a crafted HTML file for scanning on an a...

5.3 CVSS, 6 AI score, 0.00042 EPSS
Exploits 0, References 1

Cisco
added 2026/03/04 4:00 p.m., 8 views

ClamAV Cascading Style Sheets Image Parsing Error Handling Denial of Service Vulnerability

A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...

5.3 CVSS, 6 AI score, 0.00042 EPSS
Exploits 0, References 1

Positive Technologies
added 2026/03/04 12:00 a.m., 4 views

PT-2026-23066

Dark Reader is an accessibility browser extension that makes web pages colors dark. The dynamic dark mode feature of the extension works by analyzing the colors of web pages found in CSS style sheet files. In order to analyze cross-origin style sheets stored on websites different from the origina...

3.4 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 2

Kaspersky
added 2026/03/03 12:00 a.m., 2 views

KLA90908 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Integer overflow vulnerability in ANGLE can be exploited to cause execute arbitrary code and...

9.6 CVSS, 6.3 AI score, 0.00134 EPSS
Exploits 0, References 3

Positive Technologies
added 2026/03/03 12:00 a.m., 0 views

PT-2026-23052

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 145.0.7632.159. Description: An issue exists in Google Chrome related to an inappropriate implementation in CSS. This could allow a remote attacker to perform an out of bounds memory read through a specially craft...

8.8 CVSS, 6 AI score, 0.00098 EPSS
Exploits 0, References 9

Snyk
added 2026/03/02 7:19 p.m., 2 views

Improper Encoding or Escaping of Output

Overview: lxml-html-clean is a HTML cleaner from lxml project. Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output in the hassneakyjavascript function. An attacker can cause external CSS to be loaded or execute scripts in certain browsers by injecting special...

6.1 CVSS, 6.1 AI score, 0.00051 EPSS
Exploits 1, References 2

OSV
added 2026/03/02 7:19 p.m., 1 views

GHSA-HW26-MMPG-FQFG lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

Summary: The hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details: The root cause is located in clean.py around...

6.1 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits 1, References 4

Github Security Blog
added 2026/03/02 7:19 p.m., 3 views

lxml-html-clean has CSS @import Filter Bypass via Unicode Escapes

Summary: The hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters, allowing external CSS loading or XSS in older browsers. Details: The root cause is located in clean.py around...

6.1 CVSS, 5.9 AI score, 0.00051 EPSS
Exploits 1, References 4, Affected Software 1

Positive Technologies
added 2026/03/02 12:00 a.m., 2 views

PT-2026-22989

Name of the Vulnerable Software and Affected Versions: lxml html clean versions prior to 0.4.4. Description: The has sneaky javascript method in lxml html clean incorrectly strips backslashes before checking for dangerous CSS keywords. This allows CSS Unicode escape sequences to bypass the @import a...

6.1 CVSS, 5.8 AI score, 0.00051 EPSS
Exploits 2, References 14

GithubExploit
added 2026/03/01 6:34 p.m., 221 views

Exploit for Use After Free in Google Chrome

CVE-2026-2441 — Chrome CSSFontFeatureValuesMap Use-After-Free...

8.8 CVSS, 6.4 AI score, 0.23127 EPSS
Exploits 12

EUVD
added 2026/03/01 12:30 a.m., 1 views

EUVD-2026-9107

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits 0, References 4

Vulnrichment
added 2026/02/28 9:47 p.m., 3 views

CVE-2026-28558 wpForo Forum 2.4.14 Stored XSS via SVG Avatar File Upload

wpForo Forum 2.4.14 contains a stored cross-site scripting vulnerability that allows authenticated subscribers to upload SVG files as profile avatars through the avatar upload functionality. Attackers upload a crafted SVG containing CSS injection or JavaScript event handlers that execute in the...

6.4 CVSS, 5.8 AI score, 0.00038 EPSS
Exploits 0, References 3