86 matches found
GHSA-299V-8PQ9-5GJQ New API has Potential XSS in its MarkdownRenderer component
Summary A potential unsafe operation occurs in component MarkdownRenderer.jsx, allowing for Cross-Site ScriptingXSS when the model outputs items containing tag. Details Line 212-231 of MarkdownRenderer.jsx is unsafe, it use dangerouslySetInnerHTML to preview html the model generates. This can...
EUVD-2020-17119
Malware in sbrugna...
EUVD-2024-22266
Malicious code in bioql PyPI...
CVE-2025-5198
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...
CVE-2025-5198 Stackrox: xss in stackrox
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...
CVE-2025-5198 Stackrox: xss in stackrox
A flaw was found in Stackrox, where it is vulnerable to Cross-site scripting XSS if the script code is included in a small subset of table cells. The only known potential exploit is if the script is included in the name of a Kubernetes “Role” object that is applied to a secured cluster. This obje...
CVE-2020-5235
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PBENABLEMALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc runs out of memory when expanding the array nanopb can end...
Linux Distros Unpatched Vulnerability : CVE-2024-53056
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/mediatek: Fix potential NULL dereference in mtkcrtcdestroy In mtkcrtccreate, if the call to mboxrequestchannel fails then we set the mtkcrtc-cmdqclient.chan...
Linux Distros Unpatched Vulnerability : CVE-2025-21763
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - neighbour: use RCU protection in neighnotify neighnotify can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. CVE-2025-21763...
Linux Distros Unpatched Vulnerability : CVE-2024-1670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromiu...
Linux Distros Unpatched Vulnerability : CVE-2023-0802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibTIFF 4.4.0 has an out-of-bounds write in tiffcrop in tools/tiffcrop.c:3724, allowing attackers to cause a denial-of-service via a crafted tiff file. For user...
Linux Distros Unpatched Vulnerability : CVE-2017-5436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An out-of-bounds write in the Graphite 2 library triggered with a maliciously crafted Graphite font. This results in a potentially exploitable crash. This issue...
PT-2025-4217 · Microsoft · Windows
The Microsoft Windows Installer Service is affected by a local privilege escalation issue, which can be exploited by attackers to gain elevated privileges on a system. This issue is related to a link following flaw in the Windows Installer Service. The vulnerable software is Microsoft Windows. An...
CVE-2024-30124 HCL Sametime is impacted by insecure services
HCL Sametime is impacted by insecure services in-use on the UIM client by default. An unused legacy REST service was enabled by default using the HTTP protocol. An attacker could potentially use this service endpoint maliciously...
kernel: vt: fix memory overlapping when deleting chars in the buffer
A flaw was found in the Linux kernel's virtual terminal driver which causes a memory overlapping copy to occur, this overlapping copy can lead to data corruption and could potentially allow an attacker interacting with a virtual terminal to corrupt or expose system memory...
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
An issue was discovered in Juju that resulted in the leak of the sensitive context ID, which allows a local unprivileged attacker to access other sensitive data or relation accessible to the local charm. A potential exploit where a user can run a bash loop attempting to execute hook tools. If...
CVE-2024-5696
By manipulating the text in an input tag, an attacker could have caused corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox 127, Firefox ESR 115.12, and Thunderbird 115.12...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
Type confusion
Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
High risk in integrating Ocean with Curve TriCrypto pool on Arbitrum
Lines of code Vulnerability details Impact The Curve TriCrypto adapter contract enables swapping, adding liquidity, and removing liquidity for the USDT-WBTC-ETH pool on Arbitrum. However, this pool has been flagged for potential exploit risks. Curve Finance issued a warning: This pool might be at...