CVE-2026-27627

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

CVE-2026-27627

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

CVE-2026-27627 Karakeep's Reddit plugin content bypasses DOMPurify sanitization, enabling stored XSS

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

CVE-2026-27627

Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns readableContentHtml, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify,...

CVE-2026-27627

Summary: CVE-2026-27627 affects Karakeep’s Reddit metascraper path. In version 0.30.0, the HTML returned as readableContentHtml by the Reddit plugin is consumed directly by the HTML parsing subprocess without DOMPurify sanitization, while other content sources go through Readability + DOMPurify. ...

PT-2026-21852

Name of the Vulnerable Software and Affected Versions Karakeep version 0.30.0 Description Karakeep is an elf-hostable bookmark-everything app. Version 0.30.0 does not properly sanitize HTML content received from the Reddit metascraper plugin. Specifically, when the plugin returns...

EUVD-2018-16905

Malware in sbrugna...

EUVD-2021-16403

Malware in sbrugna...

EUVD-2018-4344

Malware in sbrugna...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaFirefox, MozillaFirefox-branding-SLE (SUSE-SU-2025:02529-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02529-1 advisory. MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR:...

Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing,...

SUSE-SU-2025:02529-1 Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: MozillaFirefox is updated to the 140ESR series. Firefox Extended Support Release 140.0esr ESR: General - Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacin...

Security update for MozillaFirefox, MozillaFirefox-branding-SLE

This update for MozillaFirefox, MozillaFirefox-branding-SLE fixes the following issues: This is the Firefox Extended Support Release 140.0esr ESR Major changes: General: Reader View now has an enhanced Text and Layout menu with new options for character spacing, word spacing, and text alignment...

Minor update(2) for Vivaldi Android Browser 7.4

Head to the Google Play Store and download the browser. Alternatively, you can download Vivaldi from Uptodown, the Android app store. Your rating for our browser matters. ⭐️ ⭐️ ⭐️ ⭐️ ⭐️ Enjoy! Changelog The following is a list of changes since the first 7.4 stable, minor update: Settings Enable...

SUSE CVE-2015-4518

The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy CSP protection mechanism and conduct cross-site scripting XSS attacks via vectors involving SVG animations and the about:reader...

SUSE CVE-2018-5119

The reader view will display cross-origin content when CORS headers are set to prohibit the loading of cross-origin content by a site. This could allow access to content that should be restricted in reader view. This vulnerability affects Firefox 58...

SUSE CVE-2018-12370

In Reader View SameSite cookie protections are not checked on exiting. This allows for a payload to be triggered when Reader View is exited if loaded by a malicious site while Reader mode is active, bypassing CSRF protections. This vulnerability affects Firefox 61...

SUSE CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...

CVE-2021-29944

Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affec...