746 matches found
firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in the CSS Parsing and Computation component...
Tandoor Recipes 跨站脚本漏洞
Tandoor Recipes is an open-source application designed for managing recipes, planning meals, creating shopping lists, and more. Versions of Tandoor Recipes prior to 2.6.4 contained a cross-site scripting vulnerability. This vulnerability stemmed from the ability to inject any tag into the recipe...
GHSA-VXG2-HHGR-37FX Roundcube Webmail: Insufficient CSS sanitization in HTML e-mail messages
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2026-35540
Summary: CVE-2026-35540 affects Roundcube Webmail 1.6.0 through before 1.6.14. The issue is insufficient CSS sanitization in HTML e‑mail messages, which may allow SSRF or Information Disclosure when stylesheet links resolve to local network hosts. What’s affected: Roundcube Webmail (version linea...
Roundcube Webmail 安全漏洞
Roundcube Webmail is an open-source browser-based IMAP client developed by Roundcube. It supports address book management, information search, spelling checking, and more. Versions of Roundcube Webmail from 1.6.0 to 1.6.14 contained security vulnerabilities. These vulnerabilities were caused by...
FreeBSD : Roundcube -- Multiple vulnerabilities (c5b93cb5-2363-11f1-81da-8447094a420f)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the c5b93cb5-2363-11f1-81da-8447094a420f advisory. The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcac...
PT-2026-29979
Name of the Vulnerable Software and Affected Versions Roundcube Webmail versions 1.6.0 through 1.6.13 Description An issue exists in Roundcube Webmail where insufficient Cascading Style Sheets CSS sanitization in HTML email messages could lead to Server-Side Request Forgery SSRF or Information...
EulerOS 2.0 SP12 : libxslt (EulerOS-SA-2026-1374)
According to the versions of the libxslt package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A use-after-free vulnerability was found in libxslt while parsing xsl nodes that may lead to the dereference of expired pointers and application...
CVE-2026-31873
Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...
CVE-2026-31873
Unhead suffers a bypass of URI scheme sanitization in makeTagSafe prior to version 2.1.11: the code checks href values with String.includes(), which is case-sensitive. Since browsers treat URI schemes case-insensitively, inputs like DATA:text/css,... can evade the check and allow arbitrary CSS vi...
CVE-2026-28348
lxmlhtmlclean is a project for HTML cleaning functionalities copied from lxml.html.clean. Prior to version 0.4.4, the hassneakyjavascript method strips backslashes before checking for dangerous CSS keywords. This causes CSS Unicode escape sequences to bypass the @import and expression filters,...
darkreader 安全漏洞
DarkReader is an open-source web dark mode browser extension developed by Dark Reader. Versions of DarkReader prior to 4.9.117 contained a security vulnerability, which was caused by improper cross-source style sheet handling. This vulnerability could allow access to style sheets on the local...
CVE-2026-2027
CVE-2026-2027 concerns the AMP Enhancer – Compatibility Layer for Official AMP Plugin (WordPress). Affected: AMP Enhancer, all versions up to and including 1.0.49. Root cause: insufficient input sanitization and output escaping on AMP Custom CSS attributes. Impact: Stored Cross-Site Scripting (XS...
MGASA-2026-0036 Updated thunderbird packages fix security vulnerability
CSS-based exfiltration of the content from partially encrypted emails when allowing remote content. CVE-2026-0818...
CVE-2025-67484
MediaWiki vulnerability CVE-2025-67484 affects MediaWiki versions before 1.39.16, 1.43.6, 1.44.3, and 1.45.1. The issue is tied to the Action API xslt option, enabling JavaScript execution by administrators who are not interface administrators; the xslt option is now disabled by default and can b...
CVE-2025-57785
A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...
CVE-2025-57785
A Double Free in XSLT showindex has been identified in Hiawatha webserver version 11.7 which allows an unauthenticated attacker to corrupt data which may lead to arbitrary code execution...