16 matches found
CVE-2025-53354
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
EUVD-2025-32318
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...
CVE-2025-53354
NiceGUI is affected by a Cross-Site Scripting (XSS) vulnerability when rendering unescaped user input into the DOM via ui.html() (and related HTML content in ui.chat_message). Versions 2.24.2 and below are vulnerable; the issue stems from not sanitizing HTML/JavaScript inputs. Applications that c...
PT-2025-40595
Name of the Vulnerable Software and Affected Versions: NiceGUI versions prior to 3.0.0. Description: NiceGUI, a Python-based UI framework, is susceptible to Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html. The framework did not enforce HTML or JavaScri...
GeoServer 2.24.0 < 2.24.2 Path Traversal
According to its banner, the version of GeoServer running on the remote host is prior to 2.23.5 or 2.24.0 prior to 2.24.2. It is, therefore, affected by an arbitrary file renaming vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...
Cross site scripting
An XSS issue was discovered in MantisBT before 2.24.2. Improper escaping on viewallbugpage.php allows a remote attacker to inject arbitrary HTML into the page by saving it into a text Custom Field, leading to possible code execution in the browser of any user subsequently viewing the issue if CSP...
Security update for webkit2gtk3 (important)
openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:1766-1 Rating: important References: 1133291 1135715 Cross-References: CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596...
Linux util-linux local elevation of privilege vulnerability
util-linux is a set of software packages used in Linux systems that contains a variety of system administration tools; it provides tools to load, unload, format, partition and manage hard drives, open tty ports and get kernel messages. A local elevation of privilege vulnerability exists in version 2.24.2 of...
Updated util-linux packages fix CVE-2014-9114
Updated util-linux packages fix a security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges (CVE-2014-9114). The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...
Vinagre < 2.24.2 show_error() Remote Format String PoC
No description provided by source. Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre show_error() format string vulnerability 1. Advisory Information Title: Vinagre show_error() format string vulnerability Advisory...
MDVA-2008:186-1 : evolution
Outgoing mails sent through the Evolution Exchange plugin were not always sent properly. Spell checking was not working properly when two different languages were enabled, causing all words to be detected as mistyped. Those bugs are fixed by this package update, as well as massive performance...
Mandriva Update for evolution MDVA-2008:186-1 (evolution)
Check for the Version of evolution OpenVAS Vulnerability Test Mandriva Update for evolution MDVA-2008:186-1 (evolution) Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Mandriva Update for evolution MDVA-2008:186 (evolution)
Check for the Version of evolution OpenVAS Vulnerability Test Mandriva Update for evolution MDVA-2008:186 (evolution) Authors: System Generated Check Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
Vinagre 2.24.2 - show_error() Remote Format String (PoC)
Vinagre 2.24.2 - show_error() Remote Format String (PoC) Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre show_error() format string vulnerability 1. Advisory Information Title: Vinagre show_error() format string...