5735 matches found
CVE-2026-5273
Concrete details found: CVE-2026-5273 is a use-after-free in CSS handling in Google Chrome prior to 146.0.7680.178, allowing remote code execution inside the sandbox via a crafted HTML page. The issue affects Chrome/Chromium CSS processing and is addressed by the Chrome update to 146.0.7680.178 (...
Astra Linux – Vulnerability in Firefox
Bypass of the same-origin policy in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...
Astra Linux – Vulnerability in Chromium
The use of after-free in CSS in Google Chrome before version 145.0.7632.75 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted HTML page. Chromium security severity: High...
Astra Linux – Vulnerability in Chromium
Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out-of-bounds memory read via a crafted HTML page. Chromium security severity: High...
Google Chrome < 146.0.7680.177 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 146.0.7680.177. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop31 advisory. - Use after free in Compositing in Google Chrome prior to 146.0.7680.178...
Linux Distros Unpatched Vulnerability : CVE-2026-5273
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in CSS in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
KLA90963 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in CSS can be exploited to cause denial of service or execute...
[SECURITY] [DLA 4517-1] roundcube security update
Debian LTS Advisory DLA-4517-1 [email protected] https://www.debian.org/lts/security/ Guilhem Moulin March 30, 2026 https://wiki.debian.org/LTS Package : roundcube Version : 1.4.15+dfsg.1-1+deb11u8 CVE ID : not yet available Debian Bug : 1131182 1132268 Multiple vulnerabilities were...
openSUSE 16 Security Update : chromium (openSUSE-SU-2026:20427-1)
The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20427-1 advisory. Changes in chromium: - Chromium 146.0.7680.164 boo1260376 CVE-2026-4673: Heap buffer overflow in WebAudio CVE-2026-4674: Out of bounds read in C...
Chromium: CVE-2026-4442 Heap buffer overflow in CSS
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Cross-site Scripting (XSS)
Overview @n8n/n8n-nodes-langchain is a Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Custom CSS field in the Chat Trigger node due to improper sanitization in the sanitize-html library. An authenticated user with permission to create or modify workflows and...
GHSA-3C7F-5HGJ-H279 n8n has XSS in Chat Trigger Node through Custom CSS
Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...
n8n has XSS in Chat Trigger Node through Custom CSS
Impact An authenticated user with permission to create or modify workflows could inject malicious JavaScript into the Custom CSS field of the Chat Trigger node. Due to a misconfiguration in the sanitize-html library, the sanitization could be bypassed, resulting in stored XSS on the public chat...
OESA-2026-1709 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...
OESA-2026-1708 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...
OESA-2026-1707 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...
OESA-2026-1706 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...
OESA-2026-1705 firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. Security Fixes: libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.CVE-2025-59375 Race...
KLA90953 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Heap buffer overflow vulnerability in CSS can be exploited ...
CVE-2026-3846
Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2...