Lucene search
+L

458 matches found

OSV
OSV
added 2026/07/10 9:30 a.m.2 views

OPENSUSE-SU-2026:21295-1 Security update for yelp

This update for yelp fixes the following issue - CVE-2026-13601: overly permissive Content Security Policy allows host file disclosure via Flatpak applications bsc1269625...

7.1CVSS6.1AI score0.0012EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/07/02 12:0 p.m.5 views

WordPress Reviews Widgets for Google, TripAdvisor, Yelp & Recommendations plugin <= 2.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Ilkeggs in WordPress Plugin Trust.Reviews versions = 2.7.3...

6.4CVSS5.9AI score0.00193EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-13601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open...

7.1CVSS6AI score0.0012EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/07/01 3:35 a.m.7 views

SUSE CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 10:16 a.m.9 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.0012EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 10:16 a.m.5 views

UBUNTU-CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 9:20 a.m.56 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.0012EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 9:20 a.m.6 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/29 9:20 a.m.6 views

EUVD-2026-40066

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/06/29 9:20 a.m.6 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:20 a.m.7 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
OSV
OSV
added 2026/06/29 9:20 a.m.9 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS6AI score0.0012EPSS
Exploits0References9
CVE
CVE
added 2026/06/29 9:20 a.m.31 views

CVE-2026-13601

CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.14 views

PT-2026-53247

Name of the Vulnerable Software and Affected Versions Yelp affected versions not specified Description A flaw exists due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI porta...

7.1CVSS6.2AI score0.0012EPSS
Exploits0References27
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/10 3:49 p.m.15 views

Malicious code in yelp-react-component-chaos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711cd262cc670c0e66cf2878b6fa22db21a2e420313a58aa029cbc619f2b27cc On npm install, preinstall.js collects hostname, username, cwd, network interfaces, and the names of environment variables matching...

6.1AI score
Exploits0References2
OSV
OSV
added 2026/06/10 3:49 p.m.16 views

MAL-2026-5515 Malicious code in yelp-react-component-chaos (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 711cd262cc670c0e66cf2878b6fa22db21a2e420313a58aa029cbc619f2b27cc On npm install, preinstall.js collects hostname, username, cwd, network interfaces, and the names of environment variables matching...

6.1AI score
Exploits0References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: yelp

Issue Overview: A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help document can use a CSS stylesheet embedded in an SVG image to exfiltrate the contents of local files such as files under /proc to an external server witho...

7.4CVSS6.8AI score0.12592EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : yelp, --advisory ALAS2-2026-3337 (ALAS-2026-3337)

The version of yelp installed on the remote host is prior to 3.28.1-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3337 advisory. A sandbox escape vulnerability was found in yelp, the GNOME help viewer. Bypassing the fix for CVE-2025-3155, a malicious help docume...

7.4CVSS5.5AI score0.12592EPSS
Exploits1References2
Debian
Debian
added 2026/06/02 6:45 a.m.22 views

[SECURITY] [DSA 6319-1] yelp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/ Aron Xu June 02, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------...

5.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/02 12:0 a.m.11 views

Debian dsa-6319 : libyelp-dev - security update

The remote Debian 12 / 13 host has packages installed that are affected by a vulnerability as referenced in the dsa-6319 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6319-1 [email protected] https://www.debian.org/security/...

5.8AI score
Exploits0References3
Rows per page
Query Builder