91 matches found
Linux Distros Unpatched Vulnerability : CVE-2024-29881
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE's content loading and content inserting code. A S...
CVE-2025-31276
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...
Unspecified Vulnerability in Apple iOS/iPadOS (CNVD-2025-17891)
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...
CVE-2025-31276
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...
Apple iOS和Apple iPadOS 安全漏洞
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices.Apple iPadOS is an operating system for the iPad tablet computer. Apple iOS and Apple iPadOS contain a security vulnerability that originates from improper state management and...
CVE-2025-31276
This issue was addressed through improved state management. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9. Remote content may be loaded even when the 'Load Remote Images' setting is turned off...
PT-2025-31277 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.6 iPadOS versions prior to 17.7.9 iPadOS versions prior to 18.6 Description: The issue was addressed through improved state management. Remote content may be loaded even when the 'Load Remote Images' setting is turned...
CVE-2025-6087
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
GHSA-RVPW-P7VW-WJ3M OpenNext for Cloudflare (opennextjs-cloudflare) has a SSRF vulnerability via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087
CVE-2025-6087 affects @opennextjs/cloudflare (OpenNext Cloudflare adapter) and enables SSRF by proxying arbitrary remote content through the /_next/image endpoint due to an unimplemented feature. Affected deployments using the Cloudflare adapter for Open Next are at risk of loading remote resourc...
Malicious code in hwieiur (npm)
The package contains obfuscated code to load content from a suspicious external domain in the user's browser...
UBUNTU-CVE-2024-42845
An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file...
CVE-2024-25676
CVE-2024-25676 affects ViewerJS 0.5.8. A component script loads content via URL TAGs without proper sanitization, enabling open redirection and out-of-band resource loading. The root cause is unsanitized URL handling in the script. Documented impacts include redirection and resource loading expos...
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. Fix TinyMCE 6.8.1 introduced a new convertunsafeembeds opti...
GHSA-5359-PVF2-PW78 TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Impact A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. Fix TinyMCE 6.8.1 introduced a new convertunsafeembeds opti...
UBUNTU-CVE-2024-29881
TinyMCE is an open source rich text editor. A cross-site scripting XSS vulnerability was discovered in TinyMCE’s content loading and content inserting code. A SVG image could be loaded though an object or embed element and that image could potentially contain a XSS payload. This vulnerability is...