6660 matches found

NVD
added 2026/01/14 6:16 p.m. | 1 view

CVE-2026-22851

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.20.1, a race condition between the RDPGFX dynamic virtual channel thread and the SDL render thread leads to a heap use-after-free. Specifically, an escaped pointer to sdl-primary SDLSurface is accessed after it has been...

CVSS: 8.2 | EPSS: 0.00247
Exploits: 1 | References: 2

Snyk
added 2026/01/14 4:53 p.m. | 3 views

Cross-site Scripting (XSS)

Overview: html2pdf.js is a client-side HTML-to-PDF rendering using pure JS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the html2pdf function when processing unsanitized text not element sources. An attacker can execute arbitrary scripts in the context of the...

CVSS: 8.7 | AI score: 5.5 | EPSS: 0.00324
Exploits: 1 | References: 2

Veracode
added 2026/01/14 9:15 a.m. | 151 views

Cross-site Scripting (XSS)

React Router is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper handling of untrusted input in the meta / APIs during server-side rendering, which allows an attacker to inject malicious script content into generated script:ld+json tags and execute arbitrary JavaScript...

CVSS: 7.6 | AI score: 6.8 | EPSS: 0.00315
Exploits: 0 | References: 3 | Affected Software: 2

Tenable Nessus
added 2026/01/14 12:0 a.m. | 8 views

MiracleLinux 4 : kernel-2.6.32-220.23.1.el6 (AXSA:2012-646:05)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-646:05 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00713
Exploits: 6 | References: 12

Tenable Nessus
added 2026/01/14 12:0 a.m. | 3 views

MiracleLinux 3 : freetype-2.2.1-25.0.1.AXS3 (AXSA:2010-399:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-399:01 advisory. The FreeType engine is a free and portable TrueType font rendering engine, developed to provide TrueType support for a variety of platforms and...

CVSS: 6.8 | AI score: 5.7 | EPSS: 0.06287
Exploits: 3 | References: 7

Tenable Nessus
added 2026/01/14 12:0 a.m. | 4 views

MiracleLinux 3 : pango-1.14.9-8.AXS3.3 (AXSA:2011-317:02)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-317:02 advisory. Pango is a system for layout and rendering of internationalized text. Security issues fixed with this release: CVE-2011-3193 No information available at the...

CVSS: 9.3 | AI score: 5.5 | EPSS: 0.07543
Exploits: 0 | References: 2

NVD
added 2026/01/13 11:15 p.m. | 5 views

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVSS: 8.7 | EPSS: 0.00463
Exploits: 1 | References: 3

OSV
added 2026/01/13 11:15 p.m. | 5 views

CVE-2022-50899

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVSS: 6.5 | AI score: 6
Exploits: 0 | References: 3

Vulnrichment
added 2026/01/13 10:51 p.m. | 3 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00463
Exploits: 1 | References: 3

Cvelist
added 2026/01/13 10:51 p.m. | 22 views

CVE-2022-50899 Geonetwork 4.2.0 - XML External Entity (XXE)

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVSS: 8.7 | EPSS: 0.00463
Exploits: 1 | References: 3

CVE
added 2026/01/13 10:51 p.m. | 13 views

CVE-2022-50899

Geonetwork 3.10–4.2.0 is affected by an XML External Entity (XXE) vulnerability in the PDF rendering path. The issue arises from an insecure XML parser that can be driven by a crafted XML document with external entity references, allowing an attacker to read arbitrary server files via the baseURL...

CVSS: 8.7 | AI score: 6.6 | EPSS: 0.00463
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/01/13 4:16 p.m. | 6 views

CVE-2025-71076

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit numsyncs to prevent oversized allocations The OA open parameters did not validate numsyncs, allowing userspace to pass arbitrarily large values, potentially leading to excessive allocations. Add check to ensure...

CVSS: 5.5 | EPSS: 0.00121
Exploits: 0 | References: 3

OSV
added 2026/01/13 3:34 p.m. | 8 views

CVE-2025-71083 drm/ttm: Avoid NULL pointer deref for evicted BOs

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted. When devcoredump tries to read the contents of all BOs for...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00114
Exploits: 0 | References: 9

CVE
added 2026/01/13 3:29 p.m. | 19 views

CVE-2025-68802

CVE-2025-68802 concerns the Linux kernel DRM XE path. The vulnerability stems from exec/vm_bind ioctls allowing an unbounded num_syncs value, enabling an excessively large allocation and warnings from the page allocator. The fix introduces DRM_XE_MAX_SYNCS (1024) and rejects requests exceeding th...

AI score: 6.1 | EPSS: 0.00166
Exploits: 0 | References: 3

AstraLinux
added 2026/01/13 2:1 p.m. | 4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fixed a use-after-free issue during validation. The nodes stored in the validation duplicate hashtable originate from an arena allocator, which is cleared at the end of vmwexecbufprocess. All nodes are expected to be...

AI score: 5.2 | EPSS: 0.00171
Exploits: 0 | References: 3

GithubExploit
added 2026/01/13 5:34 a.m. | 208 views

Exploit for CVE-2026-22804

Termix Stored XSS PoC GHSA-m3cv-5hgp-hv35 This repository c...

CVSS: 8 | AI score: 5.6 | EPSS: 0.00172
Exploits: 2

SUSE CVE
added 2026/01/13 12:24 a.m. | 3 views

SUSE CVE-2026-21884

React Router is a router for React. In @remix-run/react versions prior to 2.17.3 and react-router 7.0.0 through 7.11.0, an XSS vulnerability exists in React Router's API in Framework Mode when using the getKey/storageKey props during Server-Side Rendering which could allow arbitrary JavaScript...

CVSS: 8.2 | AI score: 6.5 | EPSS: 0.00366
Exploits: 0 | References: 3

Positive Technologies
added 2026/01/13 12:0 a.m. | 7 views

PT-2026-2375

Geonetwork 3.10 through 4.2.0 contains an XML external entity vulnerability in PDF rendering that allows attackers to retrieve arbitrary files from the server. Attackers can exploit the insecure XML parser by crafting a malicious XML document with external entity references to read system files...

CVSS: 8.7 | AI score: 7 | EPSS: 0.00463
Exploits: 1 | References: 4

Redos
added 2026/01/13 12:0 a.m. | 4 views

ROS-20260113-7338

A vulnerability in the dcn30inithw function of the drivers/gpu/drm/amd/display/dc/dcn30/dcn30hwseq.c module of the AMD graphics card Direct Rendering Infrastructure DRI support driver of the Linux operating system kernel is related to pointer dereferencing. Exploitation of the vulnerability could...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00237
Exploits: 0

Redos
added 2026/01/13 12:0 a.m. | 5 views

ROS-20260113-7308

A vulnerability in the dmupdatemstvcpislotsfordsc function of the Direct Rendering Infrastructure DRI support driver of AMD graphics cards in the Linux operating system kernel is related to insufficient input validation when dividing by zero. Exploitation of the vulnerability could allow an...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.00239
Exploits: 0