PT-2026-48470
A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names, and tag metadata directly into HTML, HTML attributes, inline JavaScript event handlers, and CSS...
CVE-2026-46492
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-46492 md-fileserver: Stored/Reflected XSS when viewing Markdown (raw HTML allowed)
md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including tags—is processed and injecte...
CVE-2026-46492
Prior to version 1.10.3, md-fileserver renders Markdown content containing HTML unsafely; as a result, raw HTML such as [removed] in user-supplied Markdown content is injected into the page without sanitization. Affected components include Markdo...
CVE-2026-25688 Apache Answer: XSS in AI Answer Rendering
Improper Neutralization of Alternate XSS Syntax vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. AI-generated response content was rendered in the browser without proper sanitization, allowing malicious scripts to be executed when the content was viewed. Users are...
CVE-2026-25688
CVE-2026-25688 describes an XSS vulnerability in Apache Answer. The issue is an improper neutralization of alternate XSS syntax in AI-generated responses rendered in the browser, affecting Apache Answer up to version 2.0.0. Affected behavior allows execution of malicious scripts when content is v...
SUSE CVE-2026-46309
In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise. Add validation in xe_vm_madvise_ioctl to reject PAT indices with XE_COH_NONE coherency mode when applied to CPU cached memory. Using coh_none with CPU cached buffer...
md-fileserver security vulnerability
md-fileserver is a local Markdown file browser and rendering server developed by Commenthol as an individual project. Versions of md-fileserver prior to 1.10.3 contained security vulnerabilities. These vulnerabilities stemmed from the Markdown rendering logic’s failure to clean up the embedded...
EUVD-2025-210081
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer. Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...
CVE-2025-71315 drm/vkms: Convert to DRM's vblank timer
In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer. Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in concept, but differs in implementation. Vblank timers are covered in vblank helpers and initializer...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper access to the wptr mapping in the drm amdgpu userq component, potentially leading to...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the drm/vkms module’s conversion of the vblank timer into DRM. This conversion removes the...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from improper handling of multiple synchronization extensions in DRM v3D, potentially leading to...
PT-2026-47382
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the drm/amdgpu/userq component where stale wptr mapping is accessed. This occurs when the wptr obj is unmapped while queue creation is in progress, allowing another...
SUSE CVE-2026-50264
An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for...
[SECURITY] Fedora 44 Update: webkitgtk-2.52.4-1.fc44
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
CVE-2026-11422
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...
CVE-2026-11422
CVE-2026-11422: A code injection vulnerability exists in Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28, within the WaveDrom rendering pipeline. The vulnerability arises from unsanitized WaveDrom block content being passed to window.eval() in the VS Code webview context, enabling a...
EUVD-2026-34916
Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedding malicious content in a wavedrom fenced code block within a crafted Markdown document. Attacker...