Lucene search
K

61 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-0528

Malware in sbrugna...

7.2CVSS5.6AI score0.0106EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25223

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00147EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/16 12:45 p.m.2 views

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox-ESR to version 140.3 or higher. Reference...

8.8CVSS7.4AI score0.00329EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/16 12:45 p.m.2 views

Origin Validation Error

Overview Affected versions of this package are vulnerable to Origin Validation Error via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...

8.8CVSS7.4AI score0.00281EPSS
Exploits0References2
OSV
OSV
added 2025/08/27 8:15 p.m.8 views

CVE-2025-55618

In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...

7.3CVSS5.8AI score0.00231EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/22 12:0 a.m.2 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.2)

The version of AHV installed on the remote host is prior to AHV-10.0.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.2 advisory. - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...

8.8CVSS7.4AI score0.26049EPSS
Exploits6References12
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2022-1185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to...

6.5CVSS7AI score0.01277EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-5060

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer...

8.8CVSS8.7AI score0.04043EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/07/16 11:1 p.m.10 views

CVE-2025-53835

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

9CVSS6.2AI score0.00325EPSS
Exploits0References1
Veracode
Veracode
added 2025/07/16 5:19 a.m.5 views

Server-side Template Injection

binarytorch/larecipe is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to improper handling of user input in template rendering, which allows an attacker to inject malicious templates and potentially achieve Remote Code Execution RCE in vulnerable server configuration...

10CVSS7AI score0.09357EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2025/07/14 11:8 p.m.22 views

CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros

XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...

9.9CVSS6.6AI score0.00525EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2025/07/14 10:3 p.m.8 views

XWiki Rendering is vulnerable to RCE attacks when processing nested macros

Impact The default macro content parser didn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWi...

9.9CVSS7.5AI score0.00525EPSS
Exploits1References6Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/22 9:30 p.m.7 views

CVE-2021-21422

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...

8.1CVSS6.5AI score0.0157EPSS
Exploits1References1
OSV
OSV
added 2025/03/24 3:1 p.m.4 views

CVE-2025-1558 Denial of Service Via Malicious GIF

Mattermost Mobile Apps versions =2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF...

6.5CVSS6.6AI score0.00346EPSS
Exploits0References3
Snyk
Snyk
added 2025/03/12 4:43 p.m.2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...

6.1CVSS5.3AI score0.00512EPSS
Exploits0References2
PyPA
PyPA
added 2023/10/09 4:15 p.m.7 views

PYSEC-2023-195

OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...

6.5CVSS8AI score0.00568EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/10/09 12:0 a.m.5 views

OctoPrint Security Vulnerability

OctoPrint is an application. that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint versions prior to 1.9.3, which originated from a vulnerability that allows an attacker to extract data managed by OctoPrint or manipulate data managed...

6.5CVSS7.6AI score0.00568EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2023/05/30 10:15 p.m.33 views

CVE-2023-2932

Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

8.8CVSS7.2AI score0.00918EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/02/13 12:0 a.m.4 views

The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the use of memory after it is freed, allows attackers to execute arbitrary code.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the use of memory after it is freed during the processing of web content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8AI score0.00775EPSS
Exploits0References7Affected Software6
OSV
OSV
added 2022/05/04 3:15 a.m.3 views

UBUNTU-CVE-2022-27470

SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderTextSolid. This vulnerability is triggered via a crafted TTF file...

7.8CVSS5.9AI score0.00946EPSS
Exploits1References4
Rows per page
Query Builder