5732 matches found

Amazon
added 2026/04/30 12:0 a.m., 7 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

CVSS 5.3, AI score 5.4, EPSS 0.00414
Exploits: 0

Amazon
added 2026/04/30 12:0 a.m., 7 views

Medium: clamav1.4

Issue Overview: A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker...

CVSS 5.3, AI score 5.5, EPSS 0.00414
Exploits: 0

Tenable Nessus
added 2026/04/30 12:0 a.m., 7 views

Amazon Linux 2023 : clamav1.4, clamav1.4-data, clamav1.4-devel (ALAS2023-2026-1630)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1630 advisory. A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabili...

CVSS 5.3, AI score 5.8, EPSS 0.00414
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/30 12:0 a.m., 6 views

Amazon Linux 2023 : clamav1.5, clamav1.5-data, clamav1.5-devel (ALAS2023-2026-1631)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1631 advisory. A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerabili...

CVSS 5.3, AI score 5.8, EPSS 0.00414
Exploits: 0, References: 4

Tenable Nessus
added 2026/04/30 12:0 a.m., 5 views

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : Roundcube Webmail vulnerabilities (USN-8223-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8223-1 advisory. It was discovered that Roundcube Webmail mishandled Punycode (xn--) domain names. An attacker could possibl...

CVSS 9.3, AI score 5.4, EPSS 0.5281
Exploits: 6, References: 8

OSV
added 2026/04/29 1:50 p.m., 4 views

USN-8223-1 roundcube vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode (xn--) domain names. An attacker could possibly use this issue to cause a homograph attack. (CVE-2019-15237) It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

CVSS 9.3, AI score 7, EPSS 0.5281
Exploits: 6, References: 8

Ubuntu
added 2026/04/29 1:50 p.m., 7 views

USN-8223-1: Roundcube Webmail vulnerabilities

It was discovered that Roundcube Webmail mishandled Punycode (xn--) domain names. An attacker could possibly use this issue to cause a homograph attack. (CVE-2019-15237) It was discovered that Roundcube Webmail did not properly sanitize certain attributes when handling CSS within HTML messages and...

CVSS 9.3, AI score 7, EPSS 0.5281
Exploits: 6

RedhatCVE
added 2026/04/25 11:39 a.m., 3 views

CVE-2026-41305

A flaw was found in PostCSS. This vulnerability allows a remote attacker to perform Cross-Site Scripting (XSS) by submitting specially crafted CSS. When PostCSS processes and re-stringifies this CSS for embedding within HTML sequences. This oversight enables the injected...

CVSS 6.1, AI score 5.3, EPSS 0.00205
Exploits: 0, References: 5

Fedora
added 2026/04/25 1:52 a.m., 4 views

[SECURITY] Fedora 44 Update: nginx-mod-fancyindex-0.6.0-2.fc44

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...

CVSS 8.8, AI score 8.6, EPSS 0.07865
Exploits: 0

Tenable Nessus
added 2026/04/25 12:0 a.m., 12 views

Linux Distros Unpatched Vulnerability : CVE-2026-41305

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do...

CVSS 6.1, AI score 5.9, EPSS 0.00205
Exploits: 0, References: 4

OSV
added 2026/04/24 3:31 p.m., 1 view

GHSA-QX2V-QP2M-JG93 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped </style> in CSS Stringify Output. Summary: PostCSS v8.5.5 (latest) does not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

CVSS 6.1, AI score 5.3, EPSS 0.00205
Exploits: 0, References: 4

Patchstack
added 2026/04/24 3:31 p.m., 4 views

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

NPM: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output vulnerability discovered by ? in WordPress Npm postcss versions 8.5.10...

CVSS 6.1, AI score 5.8, EPSS 0.00205
Exploits: 0, References: 4, Affected Software: 1

Github Security Blog
added 2026/04/24 3:31 p.m., 149 views

PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS: XSS via Unescaped </style> in CSS Stringify Output. Summary: PostCSS v8.5.5 (latest) does not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS values breaks out of the style context, enabling XSS. Proof of Concept...

CVSS 6.1, AI score 5.3, EPSS 0.00205
Exploits: 0, References: 4, Affected Software: 1

NVD
added 2026/04/24 3:16 p.m., 2 views

CVE-2026-31586

In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn. cgwb_release_workfn calls css_put(wb->blkcg_css) and then later accesses wb->blkcg_css again via blkcg_unpin_online(). If css_put() drops the last reference, the blkcg can be freed...

CVSS 7.8, EPSS 0.00128
Exploits: 0, References: 9

OSV
added 2026/04/24 3:16 p.m., 5 views

DEBIAN-CVE-2026-31586

In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn. cgwb_release_workfn calls css_put(wb->blkcg_css) and then later accesses wb->blkcg_css again via blkcg_unpin_online(). If css_put() drops the last reference, the blkcg can be freed...

CVSS 7.8, AI score 5.5, EPSS 0.00128
Exploits: 0, References: 1

EUVD
added 2026/04/24 2:42 p.m., 3 views

EUVD-2026-25479

In the Linux kernel, the following vulnerability has been resolved: mm: blk-cgroup: fix use-after-free in cgwb_release_workfn. cgwb_release_workfn calls css_put(wb->blkcg_css) and then later accesses wb->blkcg_css again via blkcg_unpin_online(). If css_put() drops the last reference, the blkcg can be freed...

AI score 5.6, EPSS 0.00128
Exploits: 0, References: 4

CVE
added 2026/04/24 2:42 p.m., 12 views

CVE-2026-31586

Summary: CVE-2026-31586 is a Linux kernel use-after-free in blk-cgroup during cgwb_release_workfn. The vulnerability occurs when css_put(wb->blkcg_css) is followed by accessing wb->blkcg_css via blkcg_unpin_online(), which can free the blkcg asynchronously (css_free_rwork_fn -> kfree) if...

CVSS 7.8, AI score 5.6, EPSS 0.00128
Exploits: 0, References: 9, Affected Software: 1

Snyk
added 2026/04/24 4:18 a.m., 3 views

Cross-site Scripting (XSS)

Overview: org.webjars.npm:postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in CSS Stringify Output. An attacker can execute arbitrary JavaScript code in the context of the affected web page by...

CVSS 6.1, AI score 5.5, EPSS 0.00205
Exploits: 0, References: 2

Snyk
added 2026/04/24 4:18 a.m., 7 views

Cross-site Scripting (XSS)

Overview: postcss is a PostCSS is a tool for transforming styles with JS plugins. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in CSS Stringify Output. An attacker can execute arbitrary JavaScript code in the context of the affected web page by submitting crafted CS...

CVSS 6.1, AI score 5.5, EPSS 0.00205
Exploits: 0, References: 2

Cvelist
added 2026/04/24 2:27 a.m., 35 views

CVE-2026-41305 PostCSS has XSS via Unescaped </style> in its CSS Stringify Output

PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape </style> sequences when stringifying CSS ASTs. When user-submitted CSS is parsed and re-stringified for embedding in HTML tags, </style> in CSS...

CVSS 6.1, EPSS 0.00205
Exploits: 0, References: 2