CVE-2026-0669

A flaw was found in the MediaWiki CSS extension. This vulnerability, categorized as a Path Traversal, allows a remote attacker to access restricted directories. By manipulating file paths, an attacker can read arbitrary files on the server, potentially leading to the disclosure of sensitive...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669 Path Traversal vulnerability in CSS extension on certain web servers

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Wikimedia Foundation MediaWiki - CSS extension allows Path Traversal.This issue affects MediaWiki - CSS extension: 1.44, 1.43, 1.39...

CVE-2026-0669

CVE-2026-0669 affects the MediaWiki CSS extension versions 1.39–1.44. The vulnerability is an improper limitation of a pathname to a restricted directory (path traversal) that could allow a remote attacker to read arbitrary server files, potentially leading to sensitive disclosures. Exploitation ...

CVE-2019-16108

phpBB 3.2.7 allows adding an arbitrary Cascading Style Sheets CSS token sequence to a page through BBCode...

MediaWiki - CSS extension 安全漏洞

MediaWiki - CSS extension is an open source CSS extension plugin for MediaWiki. A security vulnerability exists in MediaWiki - CSS extension versions 1.44, 1.43, and 1.39, which stems from an improperly restricted pathname and can lead to path traversal...

PT-2026-1965

Name of the Vulnerable Software and Affected Versions MediaWiki - CSS extension versions 1.39 through 1.44 Description An issue exists in the MediaWiki - CSS extension related to improper limitation of a pathname to a restricted directory, allowing for path traversal. This can potentially allow...

WordPress Multi-column Tag Map plugin <= 17.0.39 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'mctm_css_conditional' Parameter vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via 'mctmcssconditional' Parameter vulnerability discovered by Bhayanak Atma in WordPress Plugin Multi-column Tag Map versions = 17.0.39...

Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

EUVD-2026-1135

Malicious code in oj-sp-css-additions npm...

MAL-2026-64 Malicious code in oj-sp-css-additions (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 76f44dd1651a643e28e082a676732a19e8a8a8fcf5b2f88264aa47c7f5e31dce The package oj-sp-css-additions was found to contain malicious code. Source: ghsa-malware...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

CVE-2025-66376

CVE-2025-66376 affects Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13. The issue is a stored cross-site scripting (XSS) in the Classic UI caused by CSS @import directives in HTML emails. Impact is described as stored XSS in the Classic UI; no exploit details are provided bey...

Zimbra Collaboration 跨站脚本漏洞

Zimbra Collaboration is an open source enterprise email and collaboration platform from Zimbra that supports email, calendaring, document management, and team collaboration features. A cross-site scripting vulnerability exists in Zimbra Collaboration versions prior to 10.0.18 and prior to 10.1.13...

PT-2026-1290

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration ZCS versions prior to 10.0.18 Zimbra Collaboration ZCS versions prior to 10.1.13 Description The software contains a stored cross-site scripting XSS issue within the Classic UI. This occurs due to Cascading Style Sheets CS...

CVE-2025-66376

Zimbra Collaboration ZCS 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets CSS @import directives in an HTML e-mail message...

[SECURITY] Fedora 42 Update: nginx-mod-fancyindex-0.5.2-13.fc42

The Fancy Index module makes possible the generation of file listings, like the built-in autoindex module does, but adding a touch of style. This is possible because the module allows a certain degree of customization of the generated content: Custom headers. Either local or stored remotely. Cust...