Lucene search
K

748 matches found

NVD
NVD
added 20 hours ago7 views

CVE-2026-44767

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
Cvelist
Cvelist
added 21 hours ago9 views

CVE-2026-44767 Allowlist Bypass in setThemeRoot() Enables Cross-Origin CSS Injection

setThemeRoot failed to enforce the sap-allowed-theme-origins allowlist. An attacker-controlled absolute cross-origin URL could be stored and used directly to construct a element, even when no tag was present in the document. The same bypass was reachable via the ?sap-themeRoot URL...

6.1CVSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-13601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open...

7.1CVSS6AI score0.0012EPSS
Exploits0References3
CVE
CVE
added 2026/07/01 12:58 a.m.28 views

CVE-2026-57963

The CVE-2026-57963 issue affects chat UI in Thunderbird where an attacker able to send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Underlying risk is manipulation of the chat interface and potential phishing wi...

6.5CVSS5.9AI score0.00181EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/06/29 9:20 a.m.6 views

EUVD-2026-40066

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/25 3:16 p.m.10 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/25 9:36 a.m.7 views

libxslt: use-after-free with key data stored cross-RVT

A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application crash...

5.5CVSS6.1AI score0.00161EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 6:0 a.m.10 views

EUVD-2026-38697

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-admin page, allowing any authenticated user to evaluate dynamic content tokens against arbitrary...

7.7CVSS6AI score0.00219EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52108

Name of the Vulnerable Software and Affected Versions SiYuan versions prior to 3.7.0 Description A flaw exists where a CSS snippet body containing can break out of its surrounding tag during interpolation by the renderSnippet function via insertAdjacentHTML. This allows the execution of arbitrary...

9.9CVSS6.4AI score0.00307EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.21 views

PT-2026-50600

Name of the Vulnerable Software and Affected Versions org.hl7.fhir.utilities versions 6.9.8 and earlier Description The org.hl7.fhir.utilities library contains an XML External Entity XXE injection flaw. The saxonTransform function overloads instantiate a bare net.sf.saxon.TransformerFactoryImpl...

9.2CVSS6AI score0.00309EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/13 2:29 a.m.8 views

CVE-2026-12089 WS Optimize – All-in-One Speed Booster & Cache Tools <= 3.3.19 - Authenticated (Editor+) Arbitrary File Read

The LWS Optimize – All-in-One Speed Booster & Cache Tools plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 3.3.19. This is due to the combinecurrentcss function trusting values harvested from page HTML and converting same-site URLs to absolute filesystem...

4.9CVSS5.5AI score0.00336EPSS
Exploits0References3
OSV
OSV
added 2026/06/08 1:15 p.m.12 views

JLSEC-2026-581

Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.9AI score0.21623EPSS
Exploits0References10
Amazon
Amazon
added 2026/06/08 12:0 a.m.11 views

Medium: yelp

Issue Overview: A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help document can use a CSS stylesheet embedded in an SVG image to exfiltrate the contents of local files such as files under /proc to an external server witho...

7.4CVSS6.8AI score0.12592EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

EulerOS Virtualization 2.10.1 : libxslt (EulerOS-SA-2026-2029)

According to the versions of the libxslt package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers an...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-6403

The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckplyziptheme function, which appends a user-controlled 'stylesheet' parameter directly to the theme root directory path without...

7.5CVSS5.5AI score0.00811EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/05 12:31 a.m.11 views

EUVD-2026-34749

Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

5.8AI score0.00197EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/04 11:5 p.m.6 views

CVE-2026-11162

Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

5.8AI score0.00187EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/29 1:53 p.m.8 views

CVE-2026-41159

Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies outside of the Mermaid diagram via the fontFamily, themeCSS, and altFontFamily configuration...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/25 8:16 p.m.17 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS0.00301EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/25 7:11 p.m.9 views

CVE-2026-48843

Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16,and 1.7.x before 1.7.1 has Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts. The issue stems from an insufficient fix fo...

7.2CVSS5.8AI score0.00301EPSS
Exploits0
Rows per page
Query Builder