41 matches found

Tenable Nessus
added 2026/05/11 12:0 a.m. · 6 views

Unity Linux 20.1070e Security Update: poppler (UTSA-2026-017695)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017695 advisory. A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that,...

CVSS 7.5 · AI score 5.8 · EPSS 0.01116
Exploits: 1 · References: 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-15637

Malware in sbrugna...

CVSS 8.8 · AI score 8.8 · EPSS 0.01059
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-12744

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.3 · EPSS 0.0007
Exploits: 1 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-41197

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 7.6 · EPSS 0.00216
Exploits: 0 · References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2021-32862

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version o...

CVSS 7.5 · AI score 6.4 · EPSS 0.00789
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 6:19 a.m. · 2 views

CVE-2024-42515

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...

CVSS 9.9 · AI score 5.8 · EPSS 0.00152
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/02 3:14 p.m. · 6 views

CVE-2025-32970

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

CVSS 6.1 · AI score 6.6 · EPSS 0.0007
Exploits: 1 · References: 1

NVD
added 2025/04/30 3:16 p.m. · 11 views

CVE-2025-32970

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

CVSS 6.1 · EPSS 0.0007
Exploits: 1 · References: 3

Vulnrichment
added 2025/04/30 2:54 p.m. · 10 views

CVE-2025-32970 org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

CVSS 6.1 · AI score 6.6 · EPSS 0.0007
Exploits: 1 · References: 3

Cvelist
added 2025/04/30 2:54 p.m. · 15 views

CVE-2025-32970 org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability

XWiki is a generic wiki platform. In versions starting from 13.5-rc-1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0, an open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that...

CVSS 6.1 · EPSS 0.0007
Exploits: 1 · References: 3

CVE
added 2025/04/30 2:54 p.m. · 60 views

CVE-2025-32970

XWiki Platform Open Redirect (CVE-2025-32970): In XWiki versions 13.5-rc-1 to before 15.10.13, 16.0.0-rc-1 to before 16.4.4, and 16.5.0-rc-1 to before 16.8.0, an open redirect exists in the HTML conversion request filter that can redirect users to arbitrary URLs via crafted requests (e.g., via th...

CVSS 6.1 · AI score 6.1 · EPSS 0.0007
In wild · Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2025/04/29 1:57 p.m. · 4 views

GHSA-PJHG-9WR9-RJ96 org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability

Impact: An open redirect vulnerability in the HTML conversion request filter allows attackers to construct URLs on an XWiki instance that redirect to any URL. To reproduce, open /xwiki/bin/view/Main/?foo=bar&foosyntax=invalid&RequiresHTMLConversion=foo&xerror=https://www.example.com/ where is the...

CVSS 6.1 · AI score 6.6 · EPSS 0.0007
Exploits: 1 · References: 5

CVE
added 2025/03/20 10:10 a.m. · 39 views

CVE-2024-7983

Open-WebUI 0.3.8 exposes an unauthenticated markdown-to-HTML endpoint (likely /api/v1/utils/markdown). A crafted payload can cause high CPU/time consumption, rendering the server unresponsive (DoS). Remediation: upgrade to open-webui version 0.5.13 or newer.

CVSS 7.5 · AI score 7.4 · EPSS 0.00411
Exploits: 1 · References: 1 · Affected Software: 1

Cvelist
added 2025/02/06 11:21 a.m. · 14 views

CVE-2024-45626 Apache James: denial of service through JMAP HTML to text conversion

Apache James server JMAP HTML to text plain implementation in versions below 3.8.2 and 3.7.6 is subject to unbounded memory consumption that can result in a denial of service. Users are recommended to upgrade to version 3.7.6 and 3.8.2, which fix this issue...

CVSS 6.5 · EPSS 0.00151
Exploits: 0 · References: 1

Positive Technologies
added 2024/12/23 12:0 a.m. · 1 view

PT-2024-10175 · Unknown · Phpspreadsheet

Name of the Vulnerable Software and Affected Versions: PhpSpreadsheet versions prior to 3.7.0; PhpSpreadsheet versions prior to 2.3.5; PhpSpreadsheet versions prior to 2.1.6; PhpSpreadsheet versions prior to 1.29.7. Description: The issue is related to a cross-site scripting (XSS) vulnerability in cust...

CVSS 5.4 · AI score 6.1 · EPSS 0.00905
Exploits: 1 · References: 13

OSV
added 2024/10/31 9:31 p.m. · 4 views

GHSA-HHHV-GGJX-Q9J2 Glossarizer Cross-site Scripting vulnerability

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...

CVSS 6.1 · AI score 9.2 · EPSS 0.00152
Exploits: 0 · References: 4

NVD
added 2024/10/31 7:15 p.m. · 20 views

CVE-2024-42515

Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters e.g., , the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append a XSS payload to a...

CVSS 9.9 · EPSS 0.00152
Exploits: 0 · References: 3

CVE
added 2024/10/31 12:0 a.m. · 45 views

CVE-2024-42515

CVE-2024-42515 affects Glossarizer (1.5.2 and earlier). The vulnerability arises when correctly escaping characters is bypassed because the underlying library converts encoded characters into real HTML, enabling stored XSS via appending a payload to a glossary entry. Affected component is Glossar...

CVSS 9.9 · AI score 6 · EPSS 0.00152
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/31 12:0 a.m. · 1 view

PT-2024-30000 · Unknown · Glossarizer

Name of the Vulnerable Software and Affected Versions: Glossarizer versions 1.5.2 and earlier. Description: The issue arises from the improper conversion of text into HTML, potentially leading to stored XSS attacks. Although the application itself escapes special characters, the underlying library...

CVSS 9.9 · AI score 5.9 · EPSS 0.00152
Exploits: 0 · References: 8

Prion
added 2023/01/27 9:15 p.m. · 11 views

Design/Logic Flaw

Wire web-app is part of Wire communications. Versions prior to 2022-11-02 are subject to Improper Handling of Exceptional Conditions. In the wire-webapp, certain combinations of Markdown formatting can trigger an unhandled error in the conversion to HTML representation. The error makes it...

CVSS 5 · AI score 5 · EPSS 0.00289
Exploits: 0 · References: 1 · Affected Software: 1