Lucene search
K

6541 matches found

OSV
OSV
added 2026/06/29 9:20 a.m.6 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS6AI score0.0012EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53247

Name of the Vulnerable Software and Affected Versions Yelp affected versions not specified Description A flaw exists due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI porta...

7.1CVSS6.2AI score0.0012EPSS
Exploits0References18
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:8 a.m.5 views

wifi: nl80211: reject oversized EMA RNR lists

...

7.8CVSS5.8AI score0.00138EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/26 11:18 p.m.28 views

pnpm: Manifest identity spoof satisfies allowBuilds and runs attacker lifecycle

Summary Keep build approval for opaque dependency sources byte-exact for GHSA-5wx6-mg75-v57r / CAND-PNPM-123. Merged upstream commit bf1b731ee6 fixed the original name-only approval bypass by making build policy consume the resolved dependency identity. One collision remained: the generic...

8.8CVSS5.8AI score0.00118EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/26 8:40 a.m.10 views

CVE-2026-53239

A flaw was found in the Linux kernel. A race condition exists in the xfrm policy handling, specifically within the xfrmpolicybyselctx function. This flaw allows for a use-after-free vulnerability, where memory is accessed after it has been released. This can lead to system instability or a denial...

7.8CVSS5.7AI score0.00135EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 10:34 p.m.9 views

GO-2026-5511 FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header) in github.com/gtsteffaniak/filebrowser

FileBrowser Vulnerable to Stored XSS via SVG File in Public Share Missing CSP Header in github.com/gtsteffaniak/filebrowser...

5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 9:53 p.m.2 views

GHSA-XCJM-WQFF-M669 ImageMagick: Policy Bypass can read disallowed files via symlink

An incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink...

5.5CVSS5.8AI score0.00128EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:38 p.m.25 views

CVE-2026-6412 Continued acceptance of SHA-1/MD5 digests in certificate processing

Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing...

2.3CVSS0.00074EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/25 6:8 p.m.6 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to a validation issue with improper logic...

7.5CVSS6AI score0.0027EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 6:8 p.m.5 views

webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced

A flaw was found in WebKitGTK. Processing malicious web content may prevent Content Security Policy from being enforced due to improper input validation...

8.1CVSS6AI score0.00304EPSS
Exploits0References5
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/06/25 3:16 p.m.10 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:32 p.m.31 views

CVE-2026-57532

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:32 p.m.30 views

CVE-2026-57532

CVE-2026-57532 describes a vulnerability where malicious HTML content contained in the layout specification of a PDF ticket/badge layout is executed when the PDF editor is opened in a browser. This could allow one backend user to inject JavaScript into the browser context of another backend user....

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:32 p.m.5 views

EUVD-2026-39425

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:31 p.m.35 views

CVE-2026-57533

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS0.00248EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 2:31 p.m.6 views

EUVD-2026-39423

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes...

2.1CVSS5.8AI score0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:31 p.m.15 views

CVE-2026-57533

Technical details (affected product/version/root cause/patch) are not publicly provided in the supplied documents. Monitor for updates.

2.1CVSS5.8AI score0.00248EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in imagemagick

ImageMagick is free and open-source software used for editing and manipulating digital images. Before versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy was enforced on the raw filename string before the filesystem resolved it. As a result, policy rules such as /etc/ could be...

8.6CVSS7.2AI score0.00671EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Chromium

In ServiceWorkers of Google Chrome prior to version 147.0.7727.55, bypassing the content security policy was possible when a remote attacker used a crafted HTML page. Chromium security severity: Low...

4.3CVSS5.8AI score0.00166EPSS
Exploits0References3
Rows per page
Query Builder