14 matches found
CVE-2026-30235 Business Logic Error on OpenProject through hyperlinks in markdown using DOM clobbering
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, this vulnerability occurs due to improper validation of OpenProject’s Markdown rendering, specifically in the hyperlink handling. This allows an attacker to inject malicious hyperlink payloads that perform DOM...
CVE-2026-30235
OpenProject prior to 17.2.0 is affected by a vulnerability in Markdown rendering where hyperlink handling allows DOM clobbering, potentially crashing or blanking the page and causing runtime errors during application initialization. The issue is tied to improper validation of hyperlinks and is fi...
OpenProject Cross-Site Scripting Vulnerability
OpenProject is an open-source web-based project management software. Versions of OpenProject prior to 17.2.0 had a cross-site scripting vulnerability. This vulnerability stemmed from improper Markdown rendering validation in OpenProject, especially in the handling of hyperlinks. It could allow...
PT-2026-4954
Name of the Vulnerable Software and Affected Versions: OpenSSL versions 1.1.1, 3.0, 3.3, 3.4, and 3.5; OpenSSL versions 3.6 through 3.6.0. Description: An invalid or NULL pointer dereference can occur in applications processing malformed PKCS12 files. This can lead to a denial of service when an...
SUSE CVE-2025-38455
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV-ES intra host migration if vCPU creation is in-flight Reject migration of SEV-ES state if either the source or destination VM is actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vcpu is in the section betwee...
CVE-2025-21713 powerpc/pseries/iommu: Don't unset window if it was never set
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used by different iommu group, the spapr_tce_set_window returns -EPERM and the subsequent cleanup leads to t...
xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents
A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...
Brave Android 1.59.117 Security Fixes
Updated which origins and URLs trigger debouncing and request-OTR protections as reported on HackerOne by nishimunea. - Fixed crash when loading brave://optimization-guide-internals as reported on HackerOne by jaguilera. Upgraded Chromium to 118.0.5993.70 — refer to Google Chrome advisories for...
kernel: Double-free in split_2MB_gtt_entry when function intel_gvt_dma_map_guest_page failed
A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a failure in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system...
PT-2022-24828 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 2.9.0.beta5 through 2.9.0.beta9 Description: The issue arises when an incomplete quote generates a JavaScript error, potentially crashing the current page in the browser. This occurs in certain cases and is related to how t...
OPENSUSE-SU-2021:1310-1 Security update for opera
This update for opera fixes the following issues: opera was updated to version 79.0.4143.22 - CHR-8550 Update chromium on desktop-stable-93-4143 to 93.0.4577.58 - CHR-8557 Update chromium on desktop-stable-93-4143 to 93.0.4577.63 - DNA-94641 Linux Proprietary media codecs not working in snap buil...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox...
Arbitrary Code Execution
firefox is vulnerable to arbitrary code execution. The vulnerability exists as a web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox...
Mozilla Firefox and Firefox ESR NetworkUtils.cpp Buffer Overflow Vulnerability
Mozilla Firefox is an open source web browser. A security vulnerability exists in the Mozilla Firefox NetworkUtils.cpp file, which allows remote attackers to construct a malicious web page and trick users into parsing it, which can crash the application or execute arbitrary code...