CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5731 matches found

RedhatCVE•added 2026/06/05 7:36 p.m.•8 views

CVE-2026-41148

A flaw was found in Mermaid, a JavaScript tool used for creating diagrams. This vulnerability, identified as a CSS injection, allows a remote attacker to inject arbitrary CSS rules due to improper sanitization of user-controlled style strings. By exploiting an unrestricted regular expression in t...

5.4CVSS5.5AI score0.00338EPSS

Exploits0References9

RedhatCVE•added 2026/06/05 7:31 p.m.•8 views

CVE-2026-33889

ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in the @apostrophecms/color-field module, where color values prefixed with -- bypass TinyColor validation intended for CSS custom properties, and the...

5.4CVSS5.2AI score0.0021EPSS

Exploits1References1

RedhatCVE•added 2026/06/05 7:30 p.m.•7 views

CVE-2026-24574

Cross-Site Request Forgery CSRF vulnerability in Recorp Export WP Page to Static HTML/CSS allows Cross Site Request Forgery. This issue affects Export WP Page to Static HTML/CSS: from n/a through 6.0.0...

6.5CVSS5.5AI score0.0014EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:28 p.m.•7 views

CVE-2026-4811

The WPB Floating Menu & Categories for WordPress – Sticky Side Menu with Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Icon CSS Class' category field in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This mak...

4.9CVSS5.7AI score0.00311EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:25 p.m.•7 views

CVE-2026-44312

cssparser is a Ruby CSS parser. Prior to 2.1.0 and 1.22.0, the CSS Parser gem does not validate HTTPS connections, allowing a Man-in-the-Middle MITM attacker to inject or modify CSS content when stylesheets are loaded via HTTPS. The connection is established with OpenSSL::SSL::VERIFYNONE, meaning...

5.8CVSS5.4AI score0.00146EPSS

Exploits0References1

Microsoft CVE•added 2026/06/05 2:0 p.m.•8 views

Chromium: CVE-2026-11076 Type Confusion in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

8.8CVSS5.4AI score0.00312EPSS

Exploits0

Microsoft CVE•added 2026/06/05 2:0 p.m.•6 views

Chromium: CVE-2026-11288 Policy bypass in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

6.5CVSS5.4AI score0.00197EPSS

Exploits0

Microsoft CVE•added 2026/06/05 2:0 p.m.•7 views

Chromium: CVE-2026-11162 Insufficient policy enforcement in CSS

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

4.3CVSS5.4AI score0.00187EPSS

Exploits0

ATTACKERKB•added 2026/06/05 11:29 a.m.•11 views

CVE-2026-11345

An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...

6.9CVSS5.6AI score0.00414EPSS

Exploits0References2

EUVD•added 2026/06/05 12:31 a.m.•6 views

EUVD-2026-34623

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00187EPSS

Exploits0References3

EUVD•added 2026/06/05 12:31 a.m.•7 views

EUVD-2026-34617

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00152EPSS

Exploits0References3

NVD•added 2026/06/05 12:17 a.m.•10 views

CVE-2026-11288

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

6.5CVSS0.00197EPSS

Exploits0References2

Tenable Nessus•added 2026/06/05 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11186

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTM...

6.1CVSS5.7AI score0.00159EPSS

Exploits0References2

OSV•added 2026/06/04 11:17 p.m.•4 views

DEBIAN-CVE-2026-11186

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Medium...

6.1CVSS5.6AI score0.00159EPSS

Exploits0References1

NVD•added 2026/06/04 11:17 p.m.•8 views

CVE-2026-11186

6.1CVSS0.00159EPSS

Exploits0References2

NVD•added 2026/06/04 11:17 p.m.•7 views

CVE-2026-11162

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00187EPSS

Exploits0References2

NVD•added 2026/06/04 11:17 p.m.•6 views

CVE-2026-11156

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00152EPSS

Exploits0References2

OSV•added 2026/06/04 11:17 p.m.•4 views

DEBIAN-CVE-2026-11156

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00152EPSS

Exploits0References1

OSV•added 2026/06/04 11:17 p.m.•6 views

DEBIAN-CVE-2026-11155

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS5.5AI score0.00152EPSS

Exploits0References1

NVD•added 2026/06/04 11:17 p.m.•7 views

CVE-2026-11155

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

4.3CVSS0.00152EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by