Lucene search
K

30 matches found

NVD
NVD
added 2026/06/29 10:16 a.m.7 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.00137EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/29 9:20 a.m.33 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS0.00137EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/29 9:20 a.m.5 views

CVE-2026-13601 Yelp: yelp-xsl: overly permissive content security policy in yelp allows host file disclosure from flatpak applications

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/29 9:20 a.m.6 views

CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References6
CVE
CVE
added 2026/06/29 9:20 a.m.13 views

CVE-2026-13601

CVE-2026-13601 involves Yelp’s yelp-xsl CSP implementation. A malicious Flatpak can exploit an overly permissive CSP in Yelp by loading crafted help content via OpenURI, embedding an untrusted CSS stylesheet inside a structured SVG. This enables attacker-controlled content to bypass the Flatpak s...

7.1CVSS5.9AI score0.00137EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 8 : yelp-3.28.1-3.el8_10.1, yelp-xsl-3.28.0-2.el8_10.1 (AXSA:2025-9944:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9944:01 advisory. yelp: Arbitrary file read CVE-2025-3155 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory. Note that...

7.4CVSS7.3AI score0.12592EPSS
Exploits1References2
OSV
OSV
added 2025/11/15 7:11 a.m.6 views

MGASA-2025-0297 Updated yelp & yelp-xsl packages fix security vulnerability

The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...

7.4CVSS7.2AI score0.12592EPSS
Exploits1References6
Mageia
Mageia
added 2025/11/15 7:11 a.m.6 views

Updated yelp & yelp-xsl packages fix security vulnerability

The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment. CVE-2025-3155...

7.4CVSS7.7AI score0.12592EPSS
Exploits1References5
Rosalinux
Rosalinux
added 2025/08/06 8:30 a.m.4 views

Advisory ROSA-SA-2025-2925

software: yelp-xsl 42.1 WASP: ROSA-CHROME unaffected versions = yelp-xsl-42.1-1 affected versions yelp-xsl-42.1-1 CVE-ID: CVE-2025-3155 BDU-ID: 2025-03944 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Yelp help system is related to the inclusion of features from an invalid controlled scope whe...

7.4CVSS7.7AI score0.12592EPSS
Exploits1
Rockylinux
Rockylinux
added 2025/07/29 1:38 p.m.3 views

yelp and yelp-xsl security update

An update is available for yelp-xsl, yelp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Yelp is the help browser for the GNOME desktop. It is designed to help...

7.4CVSS7.4AI score0.12592EPSS
Exploits1
OpenVAS
OpenVAS
added 2025/07/02 12:0 a.m.5 views

openSUSE Security Advisory (SUSE-SU-2025:02168-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.12592EPSS
Exploits1References4
SUSE Linux
SUSE Linux
added 2025/06/30 7:15 a.m.2 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9CVSS7.9AI score0.12592EPSS
Exploits1References4
OSV
OSV
added 2025/06/30 7:15 a.m.3 views

SUSE-SU-2025:02168-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

7.4CVSS7.4AI score0.12592EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2025/06/27 7:51 a.m.3 views

Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9CVSS7.9AI score0.12592EPSS
Exploits1References4
OSV
OSV
added 2025/06/27 7:51 a.m.3 views

SUSE-SU-2025:02153-1 Security update for yelp-xsl

This update for yelp-xsl fixes the following issues: - CVE-2025-3155: JavaScript code execution and arbitrary file read through specially crafted help files and ghelp scheme URLs bsc1240688...

7.4CVSS7.4AI score0.12592EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/05/29 12:0 a.m.8 views

Amazon Linux 2 : yelp-xsl (ALAS-2025-2861)

The version of yelp-xsl installed on the remote host is prior to 3.28.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2861 advisory. A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerabili...

7.4CVSS7.2AI score0.12592EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2025/05/29 12:0 a.m.5 views

Debian: Security Advisory (DLA-4185-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.12592EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2025/05/29 12:0 a.m.5 views

Debian: Security Advisory (DSA-5927-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.4CVSS7.5AI score0.12592EPSS
Exploits1References2
Debian
Debian
added 2025/05/28 6:32 p.m.10 views

[SECURITY] [DLA 4185-1] yelp-xsl security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/ Lucas Kanashiro May 28, 2025 https://wiki.debian.org/LTS -...

7.4CVSS7.3AI score0.12592EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2025/05/28 12:0 a.m.8 views

Debian dla-4185 : yelp-xsl - security update

The remote Debian 11 host has a package installed that is affected by a vulnerability as referenced in the dla-4185 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4185-1 [email protected] https://www.debian.org/lts/security/...

7.4CVSS7.5AI score0.12592EPSS
Exploits1References4
Rows per page
Query Builder