1162 matches found

OSV
added 2025/12/16 2:15 p.m., 1 view

UBUNTU-CVE-2025-68184

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 "drm/mediatek: Add AFBC support to Mediatek DRM driver" added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is...

5.7 AI score, 0.00028 EPSS
Exploits 0, References 22
Cvelist
added 2025/12/16 1:43 p.m., 24 views

CVE-2025-68184 drm/mediatek: Disable AFBC support on Mediatek DRM driver

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 "drm/mediatek: Add AFBC support to Mediatek DRM driver" added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is...

0.00028 EPSS
Exploits 0, References 4
Tenable Nessus
added 2025/12/16 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-68184

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 drm/mediatek: Add AFBC support to Mediatek DRM driver added AFBC support to...

5.8 AI score, 0.00028 EPSS
Exploits 0, References 2
EUVD
added 2025/12/15 6:30 p.m., 4 views

EUVD-2025-203388

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style triggers the rendering of the html field inside a Print Format document using frappe.render_template(template...

6 AI score, 0.00076 EPSS
Exploits 1, References 3
Cvelist
added 2025/12/15 12:0 a.m., 23 views

CVE-2025-66438

A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.get_html_and_style triggers the rendering of the html field inside a Print Format document using frappe.render_template(template...

0.00076 EPSS
Exploits 1, References 2
CVE
added 2025/12/15 12:0 a.m., 8 views

CVE-2025-66438

CVE-2025-66438 describes a Server-Side Template Injection in Frappe ERPNext up to version 15.89.0, exploiting the Print Format rendering workflow. An authenticated attacker with permissions to create/modify a Print Format can inject arbitrary Jinja expressions into the html field. Saving the mali...

9.8 CVSS, 6.1 AI score, 0.00076 EPSS
Exploits 1, References 2, Affected Software 1
CNNVD
added 2025/12/04 12:0 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper handling of the drm/msm page table preallocation error path, which could lead to a null pointer...

6 AI score, 0.00026 EPSS
Exploits 0, References 3
vulnersOsv
added 2025/12/03 4:39 p.m., 5 views

@amazeelabs/bridge-waku (>=1.1.0 <=2.0.1), @amazeelabs/executors (>=3.0.0 <=3.1.14) +21 more potentially affected by CVE-2025-55182 via react-server-dom-webpack (>=19.0.0-rc.0 <=19.0.0)

react-server-dom-webpack NPM version =19.0.0-rc.0, =1.1.0, =3.0.0, =1.1.0, =1.1.0, =0.9.1-next.19, =0.9.1-next.19, =0.9.1-next.19, =0.0.4, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250108080920, =0.0.0-next-20250219082408, =0.0.2, =0.1.0-rc....

10 CVSS, 7.1 AI score, 0.83197 EPSS
Exploits 363
OSSF Malicious Packages
added 2025/12/01 4:16 p.m., 4 views

Malicious code in render-stage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c65b8147f7b040c89bba386febb3dbbfe85d6f5e9c14fa261e67de9bc558587 The package render-stage was found to contain malicious code...

7 AI score
Exploits 0
EUVD
added 2025/12/01 4:16 p.m., 3 views

EUVD-2025-200045

Malicious code in render-stage npm...

6.6 AI score
Exploits 0
OSV
added 2025/12/01 4:16 p.m., 1 view

MAL-2025-191524 Malicious code in render-stage (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2c65b8147f7b040c89bba386febb3dbbfe85d6f5e9c14fa261e67de9bc558587 The package render-stage was found to contain malicious code...

6.8 AI score
Exploits 0
Positive Technologies
added 2025/12/01 12:0 a.m., 3 views

PT-2025-48414

A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...

6.9 CVSS, 5.5 AI score, 0.00263 EPSS
Exploits 1, References 6
OSV
added 2025/11/10 7:20 p.m., 3 views

CVE-2025-47932 Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...

8.8 CVSS, 6.1 AI score, 0.00031 EPSS
Exploits 0, References 3
Cvelist
added 2025/11/10 7:20 p.m., 3 views

CVE-2025-47932 Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...

8.8 CVSS, 0.00031 EPSS
Exploits 0, References 1
Vulnrichment
added 2025/11/10 7:20 p.m., 3 views

CVE-2025-47932 Combodo iTop vulnerable to reflected XSS in ajax.render.php render_dashboard

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is rendered via an AJAX call. Versions 2.7.13 and 3.2.2 sanitize the var responsible for the attack...

8.8 CVSS, 5.8 AI score, 0.00031 EPSS
Exploits 0, References 1
OSV
added 2025/11/10 7:13 p.m., 3 views

CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

8.8 CVSS, 6 AI score, 0.00031 EPSS
Exploits 0, References 3
Vulnrichment
added 2025/11/10 7:13 p.m., 2 views

CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php

Combodo iTop is a web based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...

8.8 CVSS, 5.7 AI score, 0.00031 EPSS
Exploits 0, References 1
NVD
added 2025/10/31 7:15 p.m., 4 views

CVE-2025-62618

ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...

8.6 CVSS, 0.00048 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/10/24 12:0 a.m., 2 views

PT-2025-51597

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel's Mediatek DRM driver has an issue where AFBC support, added by commit c410fa9b07c3, is broken on Mediatek MT8188 Genio 700 EVK platform when used with upstream Kernel a...

4.6 CVSS, 5.3 AI score, 0.00028 EPSS
Exploits 0
OSV
added 2025/10/23 10:15 a.m., 4 views

CVE-2025-9981

QuickCMS is vulnerable to multiple Stored XSS in slider editor functionality sliders-form. Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default admin user is not able to add JavaScript into the website. T...

4.8 CVSS, 5.8 AI score, 0.00022 EPSS
Exploits 0, References 2