fontawesome-fonts bug fix update

An update is available for fontawesome-fonts. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Font Awesome gives you scalable vector icons that can instantly be...

USN-7502-1: Horde Css Parser vulnerability

It was discovered that Horde Css Parser did not correctly handle parsing uncontrolled CSS data. An attacker could possibly use this issue to perform remote code execution. CVE-2020-13756...

USN-7502-1 php-horde-css-parser vulnerability

It was discovered that Horde Css Parser did not correctly handle parsing uncontrolled CSS data. An attacker could possibly use this issue to perform remote code execution. CVE-2020-13756...

Ubuntu 16.04 LTS / 18.04 LTS : Horde Css Parser vulnerability (USN-7502-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7502-1 advisory. It was discovered that Horde Css Parser did not correctly handle parsing uncontrolled CSS data. An attacker could possibly use this issue to perform...

CVE-2025-46340

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

CVE-2025-46340

Misskey CSS style injection vulnerability (CVE-2025-46340) affects 12.0.0 up to 2025.4.0 due to inadequate validation in UrlPreviewService and MkUrlPreview, enabling arbitrary CSS in MkUrlPreview and potential de-anonymization/related client attacks. UrlPreviewService.wrap avoids non-http/https U...

CVE-2025-46340 Misskey CSS Style Injection Vulnerability In `MkUrlPreview`

Misskey is an open source, federated social media platform. Starting in version 12.0.0 and prior to version 2025.4.1, due to an oversight in the validation performed in UrlPreviewService and MkUrlPreview, it is possible for an attacker to inject arbitrary CSS into the MkUrlPreview component...

PT-2025-19769 · Misskey · Misskey

Name of the Vulnerable Software and Affected Versions: Misskey versions 12.0.0 through 2025.4.0 Description: The issue arises from an oversight in validation performed in UrlPreviewService and MkUrlPreview, allowing an attacker to inject arbitrary CSS into the MkUrlPreview component. This can lea...

DEBIAN-CVE-2022-49786

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcgcssonline blkcgcssonline is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...

CVE-2022-49786 blk-cgroup: properly pin the parent in blkcg_css_online

In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcgcssonline blkcgcssonline is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins,...

CVE-2025-27295

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpion Live css css-live allows Stored XSS.This issue affects Live css: from n/a through = 1.3...

CVE-2025-39601

Cross-Site Request Forgery CSRF vulnerability in WPFactory Custom CSS, JS & PHP custom-css allows Remote Code Inclusion.This issue affects Custom CSS, JS & PHP: from n/a through = 2.4.1...

CVE-2025-39428

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...

CVE-2025-27295

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpion Live css css-live allows Stored XSS.This issue affects Live css: from n/a through = 1.3...

CVE-2025-27295 WordPress Live css plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpion Live css css-live allows Stored XSS.This issue affects Live css: from n/a through = 1.3...

CVE-2025-27295

CVE-2025-27295 corresponds to a Cross-Site Scripting (stored XSS) flaw in the WordPress plugin Live css (wpion Live css). Affected: Live css versions up to 1.3. Root cause: improper input neutralization during web page generation. Impact: stored XSS risk for page visitors; CVSS v3.1 base score 7....

CVE-2025-27295 WordPress Live css plugin <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpion Live css css-live allows Stored XSS.This issue affects Live css: from n/a through = 1.3...

CVE-2025-39428 WordPress Gravity Forms CSS Themes with Fontawesome and Placeholders plugin <= 8.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Maros Pristas Gravity Forms CSS Themes with Fontawesome and Placeholders gravity-forms-css-themes-with-fontawesome-and-placeholder-support allows Stored XSS.This issue affects Gravity Forms CSS...