10 matches found
SUSE CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit th...
CVE-2025-66458 Lookyloo has multiple XSS due to unsafe use of f-strings in Markup
Lookyloo is a web interface that allows users to capture a website page and then display a tree of domains that call each other. Prior to 1.35.3, there are multiple XSS due to unsafe use of f-strings in Markup. The issue requires a malicious 3rd party server responding with a JSON document...
Linux Distros Unpatched Vulnerability : CVE-2017-15573
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content. (CVE-2017-15573) Note that Nessus relies on the presence ...
CVE-2020-1439
A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'...
CVE-2023-45359
An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup...
NVIDIA DGX Security Vulnerability
NVIDIA DGX is a high-performance workstation for deep learning applications from NVIDIA. A security vulnerability exists in the NVIDIA DGX A100 servers: an attacker could cause an SMI markup vulnerability that could be used to execute arbitrary code at the SMM level...
MGASA-2022-0019 Updated thunderbird packages fix security vulnerability
It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox (CVE-2021-4140). Constructing audio sinks could have led to a race condition when playing audio files and closing windows. This could have led to a use-after-free causing a potentially exploitable cra...
Security Update for .NET Core (January 2020)
The Microsoft .NET Core installation on the remote host is version 3.0.x < 3.0.2 or 3.1.x < 3.1.1. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who...
PT-2019-17122 · IBM · IBM Security Directory Server
Name of the Vulnerable Software and Affected Versions: IBM Security Directory Server version 6.4.0 Description: The issue allows attackers to modify the syntax, content, or commands of the XML before it is processed by an end system, due to the improper neutralization of special elements used in...
DEBIAN-CVE-2017-15573
In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because markup is mishandled in wiki content...