61 matches found
EUVD-2020-0528
Malware in sbrugna...
EUVD-2025-25223
Malicious code in bioql PyPI...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade Firefox-ESR to version 140.3 or higher. Reference...
Origin Validation Error
Overview Affected versions of this package are vulnerable to Origin Validation Error via the rendering process. An attacker can execute arbitrary code or cause a denial of service by enticing a user to visit a specially crafted web page. Remediation Upgrade thunderbird to version 143.0 or higher...
CVE-2025-55618
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-10.0.1.2)
The version of AHV installed on the remote host is prior to AHV-10.0.1.2. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-10.0.1.2 advisory. - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper...
Linux Distros Unpatched Vulnerability : CVE-2022-1185
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to...
Linux Distros Unpatched Vulnerability : CVE-2019-5060
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable code execution vulnerability exists in the XPM image rendering function of SDL2image 2.0.4. A specially crafted XPM image can cause an integer...
CVE-2025-53835
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...
Server-side Template Injection
binarytorch/larecipe is vulnerable to Server-side Template Injection SSTI. The vulnerability is due to improper handling of user input in template rendering, which allows an attacker to inject malicious templates and potentially achieve Remote Code Execution RCE in vulnerable server configuration...
CVE-2025-53836 XWiki Rendering is vulnerable to RCE attacks when processing nested macros
XWiki Rendering is a generic rendering system that converts textual input in a given syntax wiki syntax, HTML, etc into another syntax XHTML, etc. Starting in version 4.2-milestone-1 and prior to versions 13.10.11, 14.4.7, and 14.10, the default macro content parser doesn't preserve the restricte...
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Impact The default macro content parser didn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWi...
CVE-2021-21422
mongo-express is a web-based MongoDB admin interface, written with Node.js and express. 1: As mentioned in this issue: https://github.com/mongo-express/mongo-express/issues/577, when the content of a cell grows larger than supported size, clicking on a row will show full document unescaped, howev...
CVE-2025-1558 Denial of Service Via Malicious GIF
Mattermost Mobile Apps versions =2.25.0 fail to properly validate GIF images prior to rendering which allows a malicious user to cause the Android application to crash via message containing a maliciously crafted GIF...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...
PYSEC-2023-195
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract da...
OctoPrint Security Vulnerability
OctoPrint is an application. that provides a fast web interface for controlling consumer 3D printers. A security vulnerability exists in OctoPrint versions prior to 1.9.3, which originated from a vulnerability that allows an attacker to extract data managed by OctoPrint or manipulate data managed...
CVE-2023-2932
Use after free in PDF in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the use of memory after it is freed, allows attackers to execute arbitrary code.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit lies in the use of memory after it is freed during the processing of web content. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
UBUNTU-CVE-2022-27470
SDLttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTFRenderTextSolid. This vulnerability is triggered via a crafted TTF file...