Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990893)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990893 advisory. In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid. ocfs2_setattr() uses attr->ia_mode,...
CVE-2025-64501
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop. Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load hardware with a stale...
kernel: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache)
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix OOB memory read access in KUnit test (ctl cache). KASAN reported out of bounds access - cs_dsp_ctl_cache_init_multiple_offsets(). The code uses mock_coeff_template.length_bytes (4 bytes) for register value allocations. But...
WordPress plugin Nonaki Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
CVE-2025-64501
Summary: CVE-2025-64501 affects the ProsemirrorToHtml gem used to convert ProseMirror JSON to HTML. In versions 0.2.0 and earlier, it is vulnerable to Cross-Site Scripting (XSS) through malicious HTML attribute values because attribute values aren’t escaped, while tag content is. Impact applies t...
EUVD-2025-50824
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
CVE-2025-64501 ProsemirrorToHtml: Cross-Site Scripting vulnerability through unescaped HTML attribute values
ProsemirrorToHtml is a JSON converter which takes ProseMirror-compatible JSON and outputs HTML. In versions 0.2.0 and below, the prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values...
SUSE-SU-2025:21067-1 Security update for powerpc-utils
This update for powerpc-utils fixes the following issues: - Start SMT service after networking (bsc#1249152 ltc#214730) - Fix inconsistent Core Online/Offline States Observed in lscpu and ppc64_cpu --info Command Outputs During DLPAR Operation (bsc#1246126 ltc#214064) - Fix HNV installation network...
PT-2025-51685
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to the ASoC SDCA component and parsing of the mipi-sdca-control-cn-list. The struct sdca_control declares a values field as an integer array, bu...
Duplicate Advisory: ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-52c5-vh7f-26fx. This link is maintained to preserve external references. Original Description: Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute...
CVE-2025-61945
Radiometrics VizAir is vulnerable to any remote attacker via access to the admin panel of the VizAir system without authentication. Once inside, the attacker can modify critical weather parameters such as wind shear alerts, inversion depth, and CAPE values, which are essential for accurate weathe...
GHSA-52C5-VH7F-26FX Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
EUVD-2025-38038
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values...
[SECURITY] Fedora 43 Update: python-inline-snapshot-0.30.1-1.fc43
Golden master/snapshot/approval testing library which puts the values right into your source code...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989349)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989349 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990257)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990257 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir. The stbl might contain some invalid values. Adde...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988892)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988892 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix negative period/buffer sizes The period size calculation in OSS layer may...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988968)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988968 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: qcom: clk-rcg2: Update logic to calculate D value for RCG The display pixel clock has a...