Lucene search
K

91 matches found

Tenable Nessus
Tenable Nessus
added 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-29881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...

6.1CVSS5.7AI score0.00722EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/08/01 12:6 a.m.6 views

CVE-2025-31276

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

5.3CVSS6.4AI score0.00401EPSS
Exploits0References1
CNVD
CNVD
added 2025/08/01 12:0 a.m.5 views

Unspecified Vulnerability in Apple iOS/iPadOS (CNVD-2025-17891)

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...

5.3CVSS6.7AI score0.00401EPSS
Exploits0References1
NVD
NVD
added 2025/07/30 12:15 a.m.6 views

CVE-2025-31276

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

5.3CVSS0.00401EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...

5.3CVSS6.5AI score0.00401EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/07/29 11:35 p.m.7 views

CVE-2025-31276

This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...

0.00401EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/29 12:0 a.m.8 views

PT-2025-31277 · Apple · Ios +1

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.6 iPadOS versions prior to 17.7.9 iPadOS versions prior to 18.6 Description: The issue was addressed through improved state management. Remote content may be loaded even when the 'Load Remote Images' setting is turned...

5.3CVSS5.8AI score0.00401EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/18 7:21 p.m.9 views

CVE-2025-6087

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

9.1CVSS6.9AI score0.00832EPSS
Exploits0References1
OSV
OSV
added 2025/06/16 7:37 p.m.5 views

GHSA-RVPW-P7VW-WJ3M OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS7.6AI score0.00832EPSS
Exploits0References6
NVD
NVD
added 2025/06/16 7:15 p.m.20 views

CVE-2025-6087

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

9.1CVSS0.00832EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/16 6:30 p.m.33 views

CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS0.00832EPSS
Exploits0References1
OSV
OSV
added 2025/06/16 6:30 p.m.5 views

CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS7.2AI score0.00832EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/06/16 6:30 p.m.10 views

CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS7AI score0.00832EPSS
Exploits0References1
CVE
CVE
added 2025/06/16 6:30 p.m.86 views

CVE-2025-6087

CVE-2025-6087 affects @opennextjs/cloudflare (OpenNext Cloudflare adapter) and enables SSRF by proxying arbitrary remote content through the /_next/image endpoint due to an unimplemented feature. Affected deployments using the Cloudflare adapter for Open Next are at risk of loading remote resourc...

9.1CVSS7AI score0.00832EPSS
Exploits0References1Affected Software2
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/09/03 3:27 p.m.4 views

Malicious code in hwieiur (npm)

The package contains obfuscated code to load content from a suspicious external domain in the user's browser...

7.1AI score
Exploits0
OSV
OSV
added 2024/08/23 7:15 p.m.5 views

UBUNTU-CVE-2024-42845

An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...

8CVSS6.2AI score0.02655EPSS
Exploits5References5
CVE
CVE
added 2024/05/01 12:0 a.m.67 views

CVE-2024-25676

CVE-2024-25676 affects ViewerJS 0.5.8. A component script loads content via URL TAGs without proper sanitization, enabling open redirection and out-of-band resource loading. The root cause is unsanitized URL handling in the script. Documented impacts include redirection and resource loading expos...

4.7CVSS6.7AI score0.00326EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2024/03/26 9:23 p.m.67 views

TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. Fix TinyMCE 6.8.1 introduced a new convertunsafeembeds opti...

6.1CVSS5.8AI score0.00722EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2024/03/26 9:23 p.m.21 views

GHSA-5359-PVF2-PW78 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements

Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. Fix TinyMCE 6.8.1 introduced a new convertunsafeembeds opti...

4.3CVSS4.5AI score0.00722EPSS
Exploits0References6
OSV
OSV
added 2024/03/26 2:15 p.m.1 views

UBUNTU-CVE-2024-29881

TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...

6.1CVSS5.7AI score0.00722EPSS
Exploits0References4
Rows per page
Query Builder