Lucene search
+L

118 matches found

euvd
euvd
added 2026/07/01 12:34 a.m.7 views

EUVD-2026-40833

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00264EPSS
Exploits0References3
euvd
euvd
added 2026/07/01 12:34 a.m.10 views

EUVD-2026-40692

Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00299EPSS
Exploits0References3
nvd
nvd
added 2026/06/30 11:17 p.m.4 views

CVE-2026-14012

Side-channel information leakage in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: Medium...

5.3CVSS0.00205EPSS
Exploits0References2
cve
cve
added 2026/06/30 10:38 p.m.19 views

CVE-2026-13943

CVE-2026-13943 affects Google Chrome on Android and is caused by uninitialized use in CSS. A crafted HTML page can allow a remote attacker to read potentially sensitive information from process memory. Affected version range is Chrome on Android prior to 150.0.7871.47; the issue is mitigated by u...

6.5CVSS5.8AI score0.00326EPSS
Exploits0References2Affected Software1
cve
cve
added 2026/06/30 10:37 p.m.21 views

CVE-2026-13839

CVE-2026-13839 corresponds to an issue in Google Chrome (CSS handling) where an inappropriate CSS implementation allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome prior to version 150.0.7871.47. Root cause: CSS/HTML rendering path...

6.5CVSS5.8AI score0.00218EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/24 11:53 a.m.4 views

CVE-2026-56358 n8n - Stored Cross-Site Scripting in Form Trigger Node

n8n before 1.123.25 1.x and before 2.11.2 2.x, with the fix also included in 2.12.0, contains a stored cross-site scripting vulnerability in the Form Trigger node's CSS sanitization that allows authenticated users to inject malicious scripts. Attackers with workflow creation permissions can injec...

5.1CVSS5.9AI score0.00144EPSS
Exploits0References4
nvd
nvd
added 2026/06/10 8:17 p.m.15 views

CVE-2026-46683

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
cvelist
cvelist
added 2026/06/10 7:53 p.m.30 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS0.00249EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/06/10 7:53 p.m.10 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.3AI score0.00249EPSS
Exploits0References2
euvd
euvd
added 2026/06/10 7:53 p.m.13 views

EUVD-2026-36112

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.4AI score0.00249EPSS
Exploits0References2
osv
osv
added 2026/06/10 7:53 p.m.3 views

CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option

Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a url or a html page. Prior to version 1.7.0, there is a SSRF and local file read vulnerability via the xsl-style-sheet option. This issue has been patched in version 1.7.0...

6.9CVSS5.9AI score0.00249EPSS
Exploits0References4
cvelist
cvelist
added 2026/06/09 3:50 a.m.36 views

CVE-2026-41846 Spring Framework Cross-site Scripting via JSP Form Tags

Spring MVC applications which accept user-supplied values in the cssClass, cssErrorClass, or cssStyle attributes of JSP form tags allow arbitrary HTML/JavaScript code injection, potentially resulting in a cross-site scripting XSS vulnerability. Affected versions: Spring Framework 7.0.0 through...

5.9CVSS0.0014EPSS
Exploits0References1
redhat
redhat
added 2026/06/07 12:53 a.m.2 views

soupsieve: python-soupsieve: Soupsieve: Denial of Service via crafted CSS selector string

A flaw was found in soupsieve, a CSS selector library used with Beautiful Soup 4. This vulnerability allows a remote attacker to cause a denial of service DoS by supplying a specially crafted CSS selector string. The parser allocates unbounded memory when compiling large, comma-separated selector...

7.5CVSS6.1AI score0.00601EPSS
Exploits0References7
cve
cve
added 2026/06/04 11:6 p.m.32 views

CVE-2026-11288

The CVE-2026-11288 entry concerns Google Chrome’s CSS policy enforcement. Affects Chrome prior to build 149.0.7827.53, where insufficient policy enforcement in CSS could allow a remote attacker to leak cross-origin data via a crafted HTML page. From the connected sources, the vulnerability is tie...

6.5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/06/02 12:0 a.m.11 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper CSS implementation. A remote attacker could exploit this vulnerability to leak cross-source data through...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References3
osv
osv
added 2026/05/25 7:27 p.m.1 views

CVE-2026-48848

Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7 has insufficient HTML sanitization that could lead to Cascading Style Sheets CSS injection via an SVG document that has an animate element with the attributeName attribute...

7.2CVSS7AI score0.00388EPSS
Exploits0References7
cvelist
cvelist
added 2026/05/25 7:21 p.m.24 views

CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

6.5CVSS0.00405EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/05/25 12:0 a.m.11 views

PT-2026-43109

Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.15 Roundcube Webmail versions 1.7.0 through 1.7.0 Description The remote image blocking feature can be bypassed using a crafted CSS var value within an e-mail message. This bypass may result in...

6.5CVSS5.8AI score0.00405EPSS
Exploits0References16
snyk
snyk
added 2026/05/21 8:20 p.m.12 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the xsl-style-sheet option. An attacker can access internal or remote resources and read arbitrary local files by supplying crafted input to the xsl-style-sheet parameter. Remediation Upgrade...

7.2CVSS6AI score0.00249EPSS
Exploits0References2
osv
osv
added 2026/05/21 8:20 p.m.13 views

GHSA-C5FP-P67M-GQ56 Snappy : SSRF and local file read via the xsl-style-sheet option

Impact It impacts applications where: - the PHP daemon run with root permissions ; - the application is either running outside a container or has sensitive file access ; It could happens with this kind of workflows: php $stylesheet = $GET'stylesheet'; // = ‘file:///etc/passwd’ $pdf = new...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References4
Rows per page
Query Builder