
6682 matches found

Positive Technologies
added 2026/04/06 12:0 a.m., 7 views

PT-2026-30654

Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...

CVSS 3.1, AI score 6, EPSS 0.00171
Exploits: 0, References: 2

CNNVD
added 2026/04/06 12:0 a.m., 8 views

Electron Resource Management Error Vulnerability

Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 33.0.0-alpha.1,...

CVSS 5.5, AI score 5.8, EPSS 0.001
Exploits: 0, References: 2

Microsoft CVE
added 2026/04/05 8:2 a.m., 6 views

drm/amdgpu: Limit BO list entry count to prevent resource exhaustion

...

CVSS 5.5, AI score 5.2, EPSS 0.00123
Exploits: 0

Tenable Nessus
added 2026/04/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23470

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler, hence it cannot call disableir...

CVSS 5.5, AI score 5.8, EPSS 0.00094
Exploits: 0, References: 2

Tenable Nessus
added 2026/04/05 12:0 a.m., 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-23468

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion. Userspace can pass an arbitrary number of BO list entries via the bo_number field. Although...

CVSS 5.5, AI score 5.9, EPSS 0.00123
Exploits: 0, References: 3

NVD
added 2026/04/04 12:16 a.m., 3 views

CVE-2026-34774

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVSS 8.1, EPSS 0.00444
Exploits: 0, References: 4

CNNVD
added 2026/04/04 12:0 a.m., 8 views

Electron Resource Management Error Vulnerability

Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...

CVSS 8.1, AI score 5.8, EPSS 0.00444
Exploits: 0, References: 1

Cvelist
added 2026/04/03 11:52 p.m., 22 views

CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVSS 8.1, EPSS 0.00444
Exploits: 0, References: 1

Vulnrichment
added 2026/04/03 11:52 p.m., 2 views

CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVSS 8.1, AI score 5.8, EPSS 0.00444
Exploits: 0, References: 1

CVE
added 2026/04/03 11:52 p.m., 10 views

CVE-2026-34774

Electron is affected when apps use offscreen rendering (webPreferences.offscreen: true) and allow child windows via window.open(). In such cases, if the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child can dereference freed memory, ...

CVSS 8.1, AI score 5.8, EPSS 0.00444
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2026/04/03 11:52 p.m., 1 views

CVE-2026-34774

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...

CVSS 8.1, AI score 5.8, EPSS 0.00444
Exploits: 0, References: 2, Affected Software: 1

Snyk
added 2026/04/03 11:38 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the markdown to HTML rendering. An attacker can inject arbitrary scripts by crafting malicious links or image links in markdown content, which may be executed in the context of users viewing the rendered HTM...

CVSS 6.1, AI score 5.8, EPSS 0.00185
Exploits: 0, References: 2

SUSE CVE
added 2026/04/03 11:28 p.m., 3 views

SUSE CVE-2026-23418

In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure. Free the newly allocated entry when xa_store fails to avoid a memory leak on the error path. v2: use goto failfree. Bala cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb...

CVSS 5.5, AI score 5.7, EPSS 0.00113
Exploits: 0, References: 9

Snyk
added 2026/04/03 9:52 p.m., 80 views

Use After Free

Overview: electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the release callback of the paint event, when offscreen rendering with GPU shared textures is enabled. An...

CVSS 5.5, AI score 5.8, EPSS 0.001
Exploits: 0, References: 2

OSV
added 2026/04/03 9:52 p.m., 1 views

GHSA-8X5Q-PVF5-64MP Electron: Use-after-free in offscreen shared texture release() callback

Impact: Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...

CVSS 2.3, AI score 5.8, EPSS 0.001
Exploits: 0, References: 3

Github Security Blog
added 2026/04/03 9:52 p.m., 6 views

Electron: Use-after-free in offscreen shared texture release() callback

Impact: Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...

CVSS 5.5, AI score 5.8, EPSS 0.001
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2026/04/03 9:41 p.m., 2 views

CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component

RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions 0.24.0 and prior, a Server-Side Template Injection (SSTI) vulnerability exists in RAGFlow's Agent workflow Text Processing (StringTransform) and Message components. These components use Python's jinja2.Template unsandbox...

CVSS 8.7, AI score 6.2, EPSS 0.00386
Exploits: 1, References: 1

RedhatCVE
added 2026/04/03 7:31 p.m., 7 views

CVE-2026-23471

In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug. When trying to do a rather aggressive test of igt's "xe_module_load --r reload" with a full desktop environment and game running I noticed a few...

AI score 5.8, EPSS 0.00032
Exploits: 0, References: 4

RedhatCVE
added 2026/04/03 7:11 p.m., 3 views

CVE-2026-23430

A flaw was found in the Linux kernel, specifically within the drm/vmwgfx component. This vulnerability occurs when the kernel incorrectly overwrites the Kernel Mode Setting (KMS) surface dirty tracker. This error leads to a memory leak, which can degrade system performance and potentially cause...

CVSS 5.5, AI score 5.8, EPSS 0.00121
Exploits: 0, References: 4

RedhatCVE
added 2026/04/03 4:59 p.m., 5 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example ""@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email...

CVSS 6.4, AI score 5.8, EPSS 0.00262
Exploits: 1, References: 1