CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's fbdev component related to insufficient bounds checking within the bit putcs function. This can lead to out-of-bounds writes when rendering text near...

6CVSS6.2AI score0.00165EPSS

Exploits0

RedhatCVE•added 2025/05/22 5:23 a.m.•6 views

CVE-2011-0219

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts...

5.8CVSS6.7AI score0.01611EPSS

Exploits0References1

Fedora•added 2025/04/15 6:37 p.m.•8 views

[SECURITY] Fedora 41 Update: php-tcpdf-6.9.1-1.fc41

PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...

7.4AI score

Exploits0

OSV•added 2025/04/09 3:14 p.m.•14 views

CVE-2025-32371 Unexpected external content may be displayed in DNN ImageHandler

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. A url could be crafted to the DNN ImageHandler to render text from a querystring parameter. This text would display in the resulting image and a user that trusts the domain might think that t...

4.3CVSS6.3AI score0.00246EPSS

Exploits0References4

CNNVD•added 2025/04/09 12:0 a.m.•3 views

DNN 安全漏洞

DNN aka DotNetNuke is a Microsoft-supported, open-source content management system CMS based on the ASP.NET platform from the U.S. company DNN. The system is easy to install, scalable and feature-rich. DNN has a security vulnerability that stems from a specially crafted URL that renders text in t...

4.3CVSS6.6AI score0.00246EPSS

Exploits0References3

Amazon•added 2024/04/01 12:0 a.m.•2 views

Medium: python-pillow

Issue Overview: An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrollably allocates memory to process a given task, potentially causing a service to crash by having it run out of memory. This occurs for truetype in ImageFont when textlength in an ImageDraw...

7.5CVSS7.5AI score0.01038EPSS

Exploits0

SUSE CVE•added 2024/02/06 4:41 a.m.•2 views

SUSE CVE-2020-36773

Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...

8.1CVSS7.4AI score0.00879EPSS

Exploits0References5

Amazon•added 2024/02/05 12:0 a.m.•4 views

Medium: containerd

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

7.5CVSS6.2AI score0.03796EPSS

Exploits0

Amazon•added 2024/02/05 12:0 a.m.•2 views

Important: cri-tools

7.5CVSS6.2AI score0.01364EPSS

Exploits0

Amazon•added 2023/10/03 12:0 a.m.•2 views

Medium: nerdctl

Issue Overview: Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. CVE-2023-3978 Affected Packages: nerdctl Issue Correction: Run dnf update nerdctl --releasever 2023.2.20231002 or dnf update...

6.1CVSS6.5AI score0.00843EPSS

Exploits0

SUSE CVE•added 2023/08/04 2:5 a.m.•2 views

SUSE CVE-2023-3978