5732 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in chromium

In Google Chrome, memory access out of bounds in CSS before version 116.0.5845.110 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

8.1 CVSS, 7.3 AI score, 0.10871 EPSS
Exploits: 0, References: 2

Redos
added 2026/05/20 12:0 a.m., 12 views

ROS-20260520-73-0032

A vulnerability in the CSS component of the Google Chrome browser is related to reading data outside of buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted HTML page...

8.8 CVSS, 7.6 AI score, 0.00454 EPSS
Exploits: 0

Github Security Blog
added 2026/05/19 3:53 p.m., 7 views

Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write)

Summary: The screenshot/print proxy /proxy?data=… maintains a package-level assets map[string]MessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9 AI score, 0.00091 EPSS
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2026/05/19 12:0 a.m., 8 views

PT-2026-41967

Summary: The screenshot/print proxy /proxy?data=… maintains a package-level assets map[string]MessageAssets cache, but reads the map without holding assetsMutex while a long-running cleanup goroutine and re-entrant CSS-rewriting code path concurrently write to it under the lock. When the...

5.9 CVSS, 5.9 AI score, 0.00091 EPSS
Exploits: 0, References: 4

vulnersOsv
added 2026/05/18 9:0 p.m., 3 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-layout-api (=1.0.38)

@antv/g-css-layout-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-layout-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.33...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m., 2 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-typed-om-api (=1.0.38)

@antv/g-css-typed-om-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-typed-om-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.3...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m., 3 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-typed-om-api (=1.0.38)

@antv/g-css-typed-om-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-typed-om-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.3...

5.5 AI score
Exploits: 0

vulnersOsv
added 2026/05/18 9:0 p.m., 5 views

@antv/f-engine (=0.0.2), @antv/f-my (=0.0.2) +3 more potentially affected by unknown CVE via @antv/g-css-layout-api (=1.0.38)

@antv/g-css-layout-api NPM version =1.0.38 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/g-css-layout-api and may be impacted: - @antv/f-engine =0.0.2 - @antv/f-my =0.0.2 - @antv/f-react =0.0.2 - @antv/f2-wx =0.0.2 - @antv/g =5.8.9, =5.16.33...

5.5 AI score
Exploits: 0

OSSF Malicious Packages
added 2026/05/16 8:25 p.m., 7 views

Malicious code in @citi-icg-158830/icgds-react-css (npm)

Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/05/16 8:25 p.m., 6 views

MAL-2026-3808 Malicious code in @citi-icg-158830/icgds-react-css (npm)

Source: amazon-inspector 6255b5d27ddf97d5093328983d54e39a05ce73176cdc472aa2df8499fa506f1e The package @citi-icg-158830/icgds-react-css was found to contain malicious code. Source: ghsa-malware...

5.8 AI score
Exploits: 0, References: 1

OSV
added 2026/05/16 8:54 a.m., 2 views

SUSE-SU-2026:21801-1 Security update for emacs

This update for emacs fixes the following issue: - CVE-2026-6861: memory corruption when processing specially crafted SVG CSS data (bsc#1262611). - Build with tree-sitter-0.26.8 security update (bsc#1262007)...

7.1 CVSS, 5.8 AI score, 0.00108 EPSS
Exploits: 0, References: 4

SUSE CVE
added 2026/05/16 1:11 a.m., 5 views

SUSE CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle (MITM) attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFY_NONE, meaning...

5.8 CVSS, 5.8 AI score, 0.00146 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2026/05/16 12:0 a.m., 13 views

PT-2026-41420

Name of the Vulnerable Software and Affected Versions: Essential Chat Support versions prior to 1.0.2. Description: The Essential Chat Support plugin for WordPress contains an authorization bypass. The plugin fails to properly verify if a user is authorized to perform specific actions, allowing...

5.3 CVSS, 5.8 AI score, 0.00319 EPSS
Exploits: 0, References: 8

Fedora
added 2026/05/15 10:45 p.m., 13 views

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.6.0-4.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2 CVSS, 6 AI score, 0.5331 EPSS
Exploits: 40

Fedora
added 2026/05/15 9:9 p.m., 11 views

[SECURITY] Fedora 43 Update: nginx-mod-fancyindex-0.6.0-4.fc43

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2 CVSS, 6 AI score, 0.5331 EPSS
Exploits: 40

Fedora
added 2026/05/15 8:58 p.m., 9 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-4.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

9.2 CVSS, 6 AI score, 0.5331 EPSS
Exploits: 40

Tenable Nessus
added 2026/05/15 12:0 a.m., 7 views

FreeBSD : mail/mailpit -- multiple vulnerabilities (6e701ad2-4f61-11f1-af6d-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e701ad2-4f61-11f1-af6d-10ffe07f9334 advisory. Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP...

6 AI score, 0.00099 EPSS
Exploits: 0, References: 9

RedhatCVE
added 2026/05/14 7:58 p.m., 5 views

CVE-2026-44458

Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, the JSX renderer escapes style attribute object values for HTML but not for CSS. Untrusted input in a style object value or property name can therefore inject additional CSS declarations into t...

4.3 CVSS, 5.9 AI score, 0.00197 EPSS
Exploits: 0, References: 1

OSV
added 2026/05/14 7:25 p.m., 6 views

MAL-2026-3776 Malicious code in typography-stylecss (npm)

Source: amazon-inspector 4eeb50f69746fd21696baaa7d3534bbd22489edb037742ca591d49ca88981f70 The package impersonates the legitimate @tailwindcss/typography plugin: README, src/index.js, src/utils.js, and src/styles.js are copied verbatim fro...

5.9 AI score
Exploits: 0, References: 1

Cvelist
added 2026/05/14 6:33 p.m., 30 views

CVE-2026-27680 CSS Injection vulnerability in SAP NetWeaver Application Server ABAP

Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result...

3.1 CVSS, 0.00173 EPSS
Exploits: 0, References: 2