Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from failure to properly handle qvector releases when kzalloc fails under memory stress, which could lead to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to set a new vector length before reallocating the SVE status buffer, which could lead to memory...

Apple macOS Tahoe 安全漏洞

Apple macOS Tahoe is the 26th major release of Apple's macOS operating system, which was released on June 10, 2025, and features a new "Liquid Glass" visual design that significantly optimizes interface aesthetics, feature integration, and cross-device collaboration. The 26th major version of the...

CVE-2025-10253

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVE-2025-10253

CVE-2025-10253 affects openDCIM 23.04; the vulnerable component is the SVG File Handler’s /scripts/uploadifive.php, where manipulation of the Filedata argument enables cross-site scripting. The issue is triggered remotely via user-controlled input, with exploit maturity noted as a proof-of-concep...

CVE-2025-10253 openDCIM SVG File uploadifive.php cross site scripting

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVE-2025-9061

The Wilmer Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-leve...

PT-2025-37185

A vulnerability has been found in openDCIM 23.04. This vulnerability affects unknown code of the file /scripts/uploadifive.php of the component SVG File Handler. Such manipulation of the argument Filedata leads to cross site scripting. The attack can be launched remotely. The exploit has been...

Arbitrary File Upload

moonshine/moonshine is vulnerable to arbitrary file upload. The vulnerability is due to improper validation of uploaded SVG files, which allows an attacker to execute arbitrary code...

[SECURITY] Fedora 42 Update: loupe-48.1-2.fc42

An image viewer application written with GTK 4, Libadwaita and Rust. Features: - Fast GPU accelerated image rendering with tiled rendering for SVGs - Extendable and sandboxed expect SVG image decoding - Support for more than 15 image formats by default - Extensive support for touchpad and...

Microsoft Windows Multiple Vulnerabilities (KB5065427)

This host is missing an important security update according to Microsoft KB5065427 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

CVE-2025-50892

The CVE-2025-50892 entry concerns EaseUS Todo Backup 1.2.0.1, where the eudskacs.sys driver (version 20250328) fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This creates a local, low-privileged attacker capability to perform arbitrary...

Linux Distros Unpatched Vulnerability : CVE-2018-1000639

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LatexDraw version =4.0 contains a XML External Entity XXE vulnerability in SVG parsing functionality that can result in disclosure of data, server side request...

Linux Distros Unpatched Vulnerability : CVE-2024-39126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. CVE-2024-39126 Note that Nessus relies on the presence of the package as reported...

toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor

An off-by-one error in the DrainCol::drop destructor could cause an unsafe memory copy operation to exceed the bounds of the associated vector. The error was related to the size of the data being copied in one of the ptr::copy invocations inside the destructor. When removing the first column from...

CLSA-2025-1757427057 grafana: Fix of CVE-2022-23552

CVE-2022-23552: sanitize SVG inputs in GeoMap by adding a dompurify preprocessor step, preventing stored XSS where malicious SVG could execute arbitrary JavaScript...

GHSA-XMCW-MV9P-7PQ2 Duplicate Advisory: Keycloak error_description injection on error pages that can trigger phishing attacks

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-27gc-wj6x-9w55. This link is maintained to preserve external references. Original Description A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescriptio...

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

CVE-2025-10044

A flaw was found in Keycloak. Keycloak’s account console and other pages accept arbitrary text in the errordescription query parameter. This text is directly rendered in error pages without validation or sanitization. While HTML encoding prevents XSS, an attacker can craft URLs with misleading...

CVE-2025-9566 Podman: podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...