Lucene search
+L

7 matches found

NVD
NVD
added 2026/07/08 10:17 p.m.9 views

CVE-2026-10037

A sandbox escape vulnerability exists in the OpenJDK packages provided in Ubuntu. The .jar MIME handlers installed by these packages execute files marked as executable when the mailcap package is installed. A compromised or malicious sandboxed application with access to the OpenURI portal via...

8.8CVSS0.0012EPSS
Exploits0References1
CVE
CVE
added 2026/07/08 9:18 p.m.29 views

CVE-2026-10037

CVE-2026-10037 describes a sandbox escape in Ubuntu’s OpenJDK packages. The issue arises from .jar MIME handlers installed by these packages executing files marked as executable when the mailcap package is present. A compromised sandboxed application with access to the OpenURI portal via xdg-desk...

8.8CVSS6.3AI score0.0012EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.6 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:20 a.m.7 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 9:20 a.m.26 views

CVE-2026-13601

CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/06/29 9:20 a.m.9 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS6AI score0.0012EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53247

Name of the Vulnerable Software and Affected Versions Yelp affected versions not specified Description A flaw exists due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI porta...

7.1CVSS6.2AI score0.0012EPSS
Exploits0References27
Rows per page
Query Builder