CVE-2026-8012

Inappropriate implementation in MHTML in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to inject arbitrary scripts or HTML UXSS via a crafted HTML page. Chromium security severity: Low...

CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a...

BentoML < 1.4.38 Multiple Vulnerabilities (GHSA-fgv4-6jr3-jgfw, GHSA-v959-cwq9-7hr6)

The version of the BentoML library installed on the remote host is prior to 1.4.38. It is, therefore, affected by multiple vulnerabilities: - The cloud deployment path in deployment.py was not included in the fix for CVE-2026-33744. The systempackages field is interpolated directly into a shell...

InvenTree 安全漏洞

InvenTree is an open-source inventory management system developed by InvenTree. It provides robust low-level inventory control and part tracking capabilities. Versions of InvenTree from 1.2.3 to 1.2.6 contained security vulnerabilities. These vulnerabilities stemmed from a mismatch between the...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

CVE-2026-31859

CVE-2026-31859 (Craft CMS) : Craft CMS is vulnerable to a reflective XSS via incomplete return URL sanitization. The fix for CVE-2025-35939 added a strip_tags() call in src/web/User.php to sanitize return URLs, but strip_tags() only strips HTML tags and does not validate URL schemes. Payloads suc...

Termix 安全漏洞

Termix is a server management platform for Karmaa individual developers. A security vulnerability exists in Termix versions 1.7.0 through 1.9.0, which stems from a file manager component that does not clean up the contents of SVG files before rendering them, which could lead to a stored cross-sit...

HCL Connections 安全漏洞

HCL Connections is a suite of enterprise collaboration platforms from HCL India. A security vulnerability exists in HCL Connections version 8.0, which stems from improper rendering of application data and could lead to disclosure of sensitive information...

CVE-2025-63680

Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw CWE-22 that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a...

CVE-2025-49175

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

OpenAI ChatGPT 安全漏洞

OpenAI ChatGPT is a text-based artificial intelligence assistant from OpenAI, Inc. Interaction takes place in the form of a dialog. A security vulnerability exists in OpenAI ChatGPT versions 2025-03-30 and earlier, which stems from improper inline rendering of SVG documents and could lead to HTML...

Open WebUI 跨站脚本漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.6 that stems from improper rendering of HTML tags in chat messages, which could lead to cross-site scripting...

FlaskBlog Cross-Site Scripting Vulnerability

FlaskBlog is a simple blog application built using Flask. FlaskBlog suffers from a cross-site scripting vulnerability that stems from improper storage and rendering of pages, allowing an attacker to execute arbitrary JavaScript code...

SUSE CVE-2011-2614

The SVG implementation in Opera before 11.50 allows remote attackers to cause a denial of service application crash via vectors involving a path on which many characters are drawn...

grub2: Heap based out-of-bounds write when redering certain unicode sequences

A flaw was found in the grub2 font code. When rendering certain unicode sequences, it fails to properly validate the font width and height. These values are further used to access the font buffer, causing possible out-of-bounds writes. A malicious actor may craft a font capable of triggering this...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks

A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...

CVE-2021-2360

Vulnerability in the Oracle Approvals Management product of Oracle E-Business Suite component: AME Page rendering. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Approvals...

PDF2JSON 资源管理错误漏洞

PDF2JSON is a conversion library based on XPDF 3.02 that can be used to convert PDF pages to JSON and XML formats on a page-by-page basis. PDF2JSON Gfx::doShowText has a security vulnerability. An attacker could exploit this vulnerability to cause a denial of service...

Cisco Webex Teams 安全漏洞

Cisco Webex Teams is a comprehensive communications application designed to provide you with all the necessary tools and the right environment to enhance team collaboration. A shared file manipulation vulnerability exists in versions prior to Cisco Webex Teams 40.12.0.17293. The vulnerability ste...