6682 matches found
📄 Moodle TeX Formula Rendering Denial of Service
A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...
PT-2026-21966
Name of the Vulnerable Software and Affected Versions Angular SSR versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 Description Angular SSR, a server-side rendering tool for Angular applications, contains a Server-Side Request Forgery SSRF issue in its request handling pipeline. The...
PT-2026-21961
Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.x through 19.2.20 Angular SSR versions 20.x through 20.3.16 Angular SSR versions 21.x through 21.1.4 Angular SSR version 21.2.0-rc.0 Description An Open Redirect issue exists in the internal URL processing logic of...
Vikunja: Stored XSS via Unsanitized SVG Attachment Upload Leads to Token Exposure
Details The application allows users to upload SVG files as task attachments. SVG is an XML-based format that supports JavaScript execution through elements such as tags or event handlers like onload. The application does not sanitize SVG content before storing it. When the uploaded SVG file is...
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
Allocation of Resources Without Limits or Throttling
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in parseRequestBody, when parsing Server Action requests. Attackers can trigger ...
CVE-2026-27729 Astro has memory exhaustion DoS due to missing request body size limit in Server Actions
Astro is a web framework. In versions 9.0.0 through 9.5.3, Astro server actions have no default request body size limit, which can lead to memory exhaustion DoS. A single large POST to a valid action endpoint can crash the server process on memory-constrained deployments. On-demand rendered sites...
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...
CVE-2026-25545 Astro has Full-Read SSRF in error rendering via Host: header injection
Astro is a web framework. Prior to version 9.5.4, Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect...
CVE-2026-25545
Astro SSRF in error rendering via Host header (CVE-2026-25545). Affected: Astro until version 9.5.4 and @astrojs/node before 9.5.4. Vulnerability arises when SSR error pages (e.g., 404/500) prerendered content fetches a URL constructed from the Host header, enabling an attacker to redirect to int...
Astro 代码问题漏洞
Astro is a content-driven website framework developed by Astro OpenSource. Versions of Astro prior to 9.5.4 had code vulnerabilities. These vulnerabilities stemmed from server-side rendering of pages, where errors were handled through server-side request forgeing, potentially allowing attackers t...
Astro has Full-Read SSRF in error rendering via Host: header injection
Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...
GHSA-QQ67-MVV5-FW3G Astro has Full-Read SSRF in error rendering via Host: header injection
Summary Server-Side Rendered pages that return an error with a prerendered custom error page eg. 404.astro or 500.astro are vulnerable to SSRF. If the Host: header is changed to an attacker's server, it will be fetched on /500.html and they can redirect this to any internal URL to read the respon...
[SECURITY] Fedora 43 Update: qpdfview-0.5.0-25.fc43
qpdfview is a tabbed PDF viewer. It uses the Poppler library for rendering and CUPS for printing. It provides a clear and simple graphical user interface using the Qt framewor k...
[SECURITY] Fedora 43 Update: mupdf-1.27.1-4.fc43
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
PT-2026-21569
Name of the Vulnerable Software and Affected Versions Bludit version 3.16.2 Description The application does not properly sanitize content input on the server side, despite client-side sanitation. An authenticated user can inject JavaScript into the post content field. This injected script execut...
[SECURITY] Fedora 42 Update: mupdf-1.26.3-5.fc42
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
Moodle TeX formula editor is vulnerable to DoS through lack of execution time limits
A Denial of Service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade...
CVE-2026-27009
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a atored XSS issue in the OpenClaw Control UI when rendering assistant identity name/avatar into an inline could break out of the script tag and execute attacker-controlled JavaScript in the Control UI origin. Version 2026.2.15...
CVE-2026-27121
svelte performance oriented web framework. Versions of svelte prior to 5.51.5 are vulnerable to cross-site scripting XSS during server-side rendering. When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an...