3359 matches found
CVE-2026-13839
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
CVE-2026-13839
CVE-2026-13839 corresponds to an issue in Google Chrome (CSS handling) where an inappropriate CSS implementation allowed a remote attacker to bypass the same-origin policy via a crafted HTML page. Affected software: Google Chrome prior to version 150.0.7871.47. Root cause: CSS/HTML rendering path...
CVE-2026-13838
Inappropriate implementation in CSS in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: High...
WordPress Qi Blocks plugin <= 1.4.9 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Style Modification vulnerability
Insecure Direct Object Reference to Authenticated Author+ Arbitrary Style Modification vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Qi Blocks versions = 1.4.9...
PT-2026-54373
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Cross-origin data leakage occurs when a website accesse...
PT-2026-54113
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the execution of arbitrary scripts ...
PT-2026-54116
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to bypass the same origin policy, which is a security mechanism that restricts how a document or script loaded from one...
PT-2026-54423
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description A type confusion issue exists in the CSS component, which allows a remote attacker to obtain potentially sensitive information from process memory by using a specially crafted HTML page...
PT-2026-54219
Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 150.0.7871.47 Description An uninitialized use in CSS allows a remote attacker to obtain potentially sensitive information from process memory by inducing the user to visit a crafted HTML page...
PT-2026-54360
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description Side-channel information leakage in CSS allows a remote attacker to leak cross-origin data through the use of a crafted HTML page. Side-channel attacks are methods used to extract...
Linux Distros Unpatched Vulnerability : CVE-2026-13593
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when...
PT-2026-54422
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 150.0.7871.47 Description An inappropriate implementation in CSS allows a remote attacker to perform Universal Cross-Site Scripting UXSS, which is a vulnerability that enables the injection of arbitrary scripts ...
CVE-2026-13593
CSS::Minifier::XS versions before 0.14 for Perl have a memory leak when the entire document is minified away. The minify function has a memory leak when processing a document containing only characters to be removed, such as comments and whitespace...
CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
PT-2026-53690
Name of the Vulnerable Software and Affected Versions CSS::Minifier::XS versions prior to 0.14 Description The minify function contains a memory leak that occurs when processing a document consisting entirely of characters intended for removal, such as whitespace and comments, resulting in the...
CVE-2026-44696
OpenProject prior to 17.4.0: the rich text (markdown) rendering pipeline uses Sanitize::Config::RELAXED[:css], permitting essentially all CSS in style attributes on elements like figure, img, table, th, tr, td. This enables any authenticated user with write access to formattable fields (work pack...
MAL-2026-6508 Malicious code in tw-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...
Malicious code in tw-style-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fc430da42cdbbb83b681be645a2bbc3f3f2a48e0e19d9d3624b4b3e6f9aa7e92 [email protected] was scanned and produced no findings indicative of supply-chain attack behavior. No install-time lifecycle scripts performing...
CVE-2026-54067
SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, CSS snippet body containing breaks out of its surrounding tag when renderSnippet interpolates it via insertAdjacentHTML. A payload like runs arbitrary JavaScript in the renderer. On Electron desktop builds the renderer...
Astra Linux – Vulnerability in Chromium
Type Confusion in CSS in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. Chromium security severity: Low...