6683 matches found

OPENSUSE Linux
added 2026/03/30 12:0 a.m. · 3 views

Security update for libjxl (moderate)

openSUSE Security Update: Security update for libjxl Announcement ID: openSUSE-SU-2026:0107-1 Rating: moderate References: 1258090 Cross-References: CVE-2025-12474 CVSS scores: CVE-2025-12474 SUSE: 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N Affected Products: openSUSE...

CVSS 6.9 · AI score 5.9 · EPSS 0.00101
Exploits 0 · References 1
CNNVD
added 2026/03/30 12:0 a.m. · 9 views

FreeRDP Security Vulnerability

FreeRDP is an open-source RDP protocol implementation developed by the FreeRDP team. Versions of FreeRDP prior to 3.24.2 contained security vulnerabilities. These vulnerabilities stemmed from rendering pixel data in adjacent heap memory onto the screen, potentially exposing sensitive data to...

CVSS 7.1 · AI score 5.8 · EPSS 0.00205
Exploits 0 · References 3
Tenable Nessus
added 2026/03/30 12:0 a.m. · 4 views

Fedora 44 : webkitgtk (2026-f00460a7d9)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-f00460a7d9 advisory. Update to 2.52.1: Reduce the amount of useless MPRIS notifications produced by MediaSession when the information about media being played is...

CVSS 8.8 · AI score 7.1 · EPSS 0.00961
Exploits 2 · References 19
Anthropic
added 2026/03/29 8:42 p.m. · 15 views

ANT-2026-T44WA684 · ImageMagick · heap-buffer-overflow

heap-buffer-overflow · high · GHSA-x9h5-r9v2-vcww. Severity: Claude high · Security research firm high · Maintainer high. Discovered by Claude Mythos Preview. SECURITY RESEARCH FIRM ANALYSIS: Triage and disclosure were performed by Trail of Bits. The writeup below is the document the firm sent to the...

AI score 6
Exploits 0
RedhatCVE
added 2026/03/27 10:51 p.m. · 3 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

CVSS 5.4 · AI score 5.9 · EPSS 0.00202
Exploits 1 · References 1
RedhatCVE
added 2026/03/27 10:51 p.m. · 5 views

CVE-2026-33664

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · AI score 6.1 · EPSS 0.00255
Exploits 2 · References 1
Github Security Blog
added 2026/03/27 6:21 p.m. · 12 views

Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial

Summary: A crafted object placed in the template context can bypass all conditional guards in resolvePartial and cause invokePartial to return undefined. The Handlebars runtime then treats the unresolved partial as a source that needs to be compiled, passing the crafted object to env.compile...

CVSS 8.1 · AI score 6 · EPSS 0.00687
Exploits 1 · References 5 · Affected Software 1
SUSE Linux
added 2026/03/27 2:43 p.m. · 3 views

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox 140.9.0 ESR (MFSA 2026-22, bsc1260083): CVE-2026-4684: Race condition, use-after-free in the Graphics: WebRender component; CVE-2026-4685: Incorrect boundary conditions in the Graphics: Canvas2D component; CVE-2026-4686:...

CVSS 8.8 · AI score 6.4 · EPSS 0.01279
Exploits 1 · References 78
Fedora
added 2026/03/27 1:18 a.m. · 7 views

[SECURITY] Fedora 43 Update: vtk-9.2.6-44.fc43

VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms (e.g., surface reconstruction, implicit modeling, decimation) and rendering techniques (e.g., hardware-accelerated volume rendering, LOD control). NOTE: T...

CVSS 8.6 · AI score 5.8 · EPSS 0.00144
Exploits 0
Fedora
added 2026/03/27 12:50 a.m. · 9 views

[SECURITY] Fedora 42 Update: vtk-9.2.6-38.fc42

VTK is an open-source software system for image processing, 3D graphics, volume rendering and visualization. VTK includes many advanced algorithms (e.g., surface reconstruction, implicit modeling, decimation) and rendering techniques (e.g., hardware-accelerated volume rendering, LOD control). NOTE: T...

CVSS 8.6 · AI score 5.8 · EPSS 0.00144
Exploits 0
Positive Technologies
added 2026/03/27 12:0 a.m. · 2 views

PT-2026-28572

Name of the Vulnerable Software and Affected Versions: Handlebars versions 4.0.0 through 4.7.8. Description: Handlebars allows users to build semantic templates. A crafted object placed in the template context can bypass conditional guards in the resolvePartial function, causing invokePartial to...

CVSS 8.1 · AI score 6.1 · EPSS 0.00687
Exploits 1 · References 16
GithubExploit
added 2026/03/26 10:56 p.m. · 128 views

Exploit for CVE-2026-29971

CVE-2026-29971: An attacker can execute arbitrary JavaScript in...

AI score 5.9 · EPSS 0.00299
Exploits 3
OSV
added 2026/03/26 10:20 p.m. · 3 views

GHSA-2QVQ-RJWJ-GVW9 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection

Summary: resolvePartial in the Handlebars runtime resolves partial names via a plain property lookup on options.partials without guarding against prototype-chain traversal. When Object.prototype has been polluted with a string value whose key matches a partial reference in a template, the polluted...

CVSS 4.7 · AI score 5.7 · EPSS 0.07028
Exploits 4 · References 7
NVD
added 2026/03/26 9:17 p.m. · 10 views

CVE-2026-33742

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

CVSS 5.4 · EPSS 0.00202
Exploits 1 · References 2
EUVD
added 2026/03/26 9:13 p.m. · 7 views

EUVD-2026-16430

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · AI score 6 · EPSS 0.00255
Exploits 2 · References 1
Cvelist
added 2026/03/26 9:13 p.m. · 20 views

CVE-2026-33664 Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · EPSS 0.00255
Exploits 1 · References 1
ATTACKERKB
added 2026/03/26 9:13 p.m. · 2 views

CVE-2026-33664

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · AI score 6 · EPSS 0.00255
Exploits 2 · References 2 · Affected Software 1
CVE
added 2026/03/26 9:13 p.m. · 6 views

CVE-2026-33664

Kestra 1.x (up to 1.3.3) is vulnerable to Stored Cross-Site Scripting in Markdown-based YAML flow metadata. The issue arises when user-supplied flow YAML fields—specifically description, inputs[].displayName, and inputs[].description—are rendered by Markdown.vue with html: true and then injected ...

CVSS 7.3 · AI score 6 · EPSS 0.00255
Exploits 1 · References 1 · Affected Software 1
OSV
added 2026/03/26 9:13 p.m. · 6 views

CVE-2026-33664 Kestra Vulnerable to Stored Cross-Site Scripting via Flow YAML Fields

Kestra is an open-source, event-driven orchestration platform. Versions up to and including 1.3.3 render user-supplied flow YAML metadata fields — description, inputs.displayName, inputs.description — through the Markdown.vue component instantiated with html: true. The resulting HTML is injected...

CVSS 7.3 · AI score 6.1 · EPSS 0.00255
Exploits 1 · References 3
EUVD
added 2026/03/26 8:50 p.m. · 5 views

EUVD-2026-16418

Invoice Ninja is a source-available invoice, quote, project and time-tracking app built with Laravel. Product notes fields in Invoice Ninja v5.13.0 allow raw HTML via Markdown rendering, enabling stored XSS. The Markdown parser output was not sanitized with purify::clean before being included in...

CVSS 5.4 · AI score 5.8 · EPSS 0.00202
Exploits 1 · References 2