1166 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-29952
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When Web Render components were destructed, a race condition could have caused undefined behavior, and we presume that with enough effort may have been...
Linux Distros Unpatched Vulnerability : CVE-2015-3231
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed b...
Linux Distros Unpatched Vulnerability : CVE-2024-32875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.125.3, title arguments in Markdown for links and images not escaped in...
xorg-x11-server: Use-after-free in ProcRenderAddGlyphs
A use-after-free vulnerability was found in the ProcRenderAddGlyphs function of Xorg servers. This issue occurs when AllocateGlyph is called to store new glyphs sent by the client to the X server, potentially resulting in multiple entries pointing to the same non-refcounted glyphs. Consequently,...
webkitgtk: heap-use-after-free in WebCore::RenderLayer::addChild()
A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely...
Progress Multiple Products Cross-Site Scripting Vulnerability
Progress Telerik UI for ASP.NET Core and others are products of Progress, Inc. Progress Telerik UI for ASP.NET Core is a set of UI component libraries for building cross-platform responsive web applications. Progress Telerik UI for ASP.NET MVC is a library of UI components f...
CVE-2025-20297
In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint th...
Splunk Cloud Platform and Splunk Enterprise Cross-Site Scripting Vulnerability
Splunk Cloud Platform and Splunk Enterprise are both products of Splunk, Inc. of the U.S. Splunk Cloud Platform is a powerful data collection, processing, and analytics service. Splunk Enterprise is a suite of data collection and analytics software. A cross-site scripting vulnerability exists in...
CVE-2024-30920
Cross Site Scripting vulnerability in DerbyNet v9.0 and below allows a remote attacker to execute arbitrary code via the render-document.php component...
CVE-2024-10360
The Move Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.5 via the render function in includes/widgets/accordion/widget.php, includes/widgets/remote-template/widget.php, and other widget.php files. This makes it...
CVE-2024-55657
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's /api/template/render endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16...
Malicious code in com.unity.renderstreaming (npm)
Source: ghsa-malware db96f5b3a2ace783068fe773607e8b9894aad6bc2becaa443b4f8cceba9b033f. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
A vulnerability in GitLab EE/CE, a Git-based software platform for collaborative code development, stems from insufficient data sanitization and allows attackers to carry out XSS attacks.
A vulnerability in GitLab EE/CE, a Git-based software platform for collaborative code development, stems from insufficient sanitization of user-supplied data in the Asciidoctor renderer. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2022-34000
libjxl 0.6.1 has an assertion failure in LowMemoryRenderPipeline::Init in renderpipeline/lowmemoryrenderpipeline.cc...
CVE-2021-32818
haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application...
CVE-2020-23986
GitHub Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError...
Malicious code in com.unity.render-pipelines.universal-config (npm)
Source: ghsa-malware e796de3cb6203dc09766f14c46913307a4c760e4cd01047b30993c7ac605648c. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
React Router allows pre-render data spoofing on React-Router framework mode
Summary: After some research, it turns out that it's possible to modify pre-rendered data by adding a header to the request. This allows an attacker to completely spoof its contents and modify all the values of the data object passed to the HTML. Latest versions are impacted. Details: The vulnerable header i...
Path Traversal
org.noear:solon-view is vulnerable to path traversal. The vulnerability is due to insufficient validation of user input in the rendermav function, which allows the manipulation of the template argument to perform path traversal...
Cross-site Scripting (XSS)
Overview: github.com/beego/beego/v2/server/web is an open-source, high-performance, modular, full-stack web framework. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the renderFormField function in templatefunc.go. If an application is using RenderForm, an attacker...