
6660 matches found

NVD
added 2026/01/08 4:15 p.m. | 5 views

CVE-2025-63611

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...

CVSS 8.7 | EPSS 0.00261
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/08 9:50 a.m. | 3 views

CVE-2026-21872 NiceGUI apps are vulnerable to XSS which uses `ui.sub_pages` and render arbitrary user-provided links

NiceGUI is a Python-based UI framework. From versions 2.22.0 to 3.4.1, an unsafe implementation in the click event listener used by ui.sub_pages, combined with attacker-controlled link rendering on the page, causes XSS when the user actively clicks on the link. This issue has been patched in versi...

CVSS 6.1 | AI score 5.8 | EPSS 0.00238
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/08 3:14 a.m. | 3 views

CVE-2025-13744

An Improper Neutralization of Input During Web Page Generation vulnerability was identified in GitHub Enterprise Server that allowed attacker controlled HTML to be rendered by the Filter component search across GitHub that could be used to exfiltrate sensitive information. An attacker would requi...

CVSS 8.4 | AI score 6.3 | EPSS 0.00182
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/08 12:0 a.m. | 4 views

CVE-2025-63611

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...

AI score 5.8 | EPSS 0.00261
Exploits: 1 | References: 2
Cvelist
added 2026/01/08 12:0 a.m. | 19 views

CVE-2025-63611

Cross-Site Scripting in phpgurukul Hostel Management System v2.1: user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the admin viewer /admin/complaint-details.php?cid=. When an administrator opens the complaint, injected...

EPSS 0.00261
Exploits: 1 | References: 2
RedhatCVE
added 2026/01/07 9:37 a.m. | 7 views

CVE-2019-7295

typora through 0.9.63 has XSS, with resultant remote command execution, during block rendering of a mathematical formula...

CVSS 6.1 | AI score 7.2 | EPSS 0.01686
Exploits: 1 | References: 1
OSV
added 2026/01/07 9:3 a.m. | 3 views

RLSA-2026:0126 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler (CVE-2025-32365). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVSS 3.3 | AI score 6.8 | EPSS 0.00218
Exploits: 1 | References: 2
FreeBSD
added 2026/01/07 12:0 a.m. | 6 views

Gitlab -- vulnerabilities

Gitlab reports: Stored Cross-site Scripting issue in GitLab Flavored Markdown placeholders impacts GitLab CE/EE; Cross-site Scripting issue in Web IDE impacts GitLab CE/EE; Missing Authorization issue in Duo Workflows API impacts GitLab EE; Missing Authorization issue in AI GraphQL mutation impacts...

CVSS 9.6 | AI score 6.4 | EPSS 0.00574
Exploits: 0 | References: 1
CVE
added 2026/01/06 8:44 p.m. | 12 views

CVE-2025-13744

CVE-2025-13744 affects GitHub Enterprise Server. The issue is an Improper Neutralization of Input During Web Page Generation in the Filter (search) component, allowing attacker-controlled HTML to be rendered across GitHub and potentially exfiltrate sensitive information. An attacker must have per...

CVSS 8.4 | AI score 6 | EPSS 0.00182
Exploits: 0 | References: 6 | Affected Software: 1
Positive Technologies
added 2026/01/06 12:0 a.m. | 5 views

PT-2026-1508

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.20; GitHub Enterprise Server versions 3.14.20; GitHub Enterprise Server versions 3.15.15; GitHub Enterprise Server versions 3.16.11; GitHub Enterprise Server versions 3.17.8; GitHub Enterprise Server...

CVSS 8.4 | AI score 6.1 | EPSS 0.00182
Exploits: 0 | References: 9
OSV
added 2026/01/06 12:0 a.m. | 3 views

ALSA-2026:0128 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: Out-of-Bounds Read in Poppler (CVE-2025-32365). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...

CVSS 7.1 | AI score 6.7 | EPSS 0.00218
Exploits: 1 | References: 4
OSV
added 2026/01/05 10:15 a.m. | 6 views

AZL-73415 CVE-2025-68757 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release. A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenarios, it can run...

AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/05 12:0 a.m. | 6 views

PT-2026-1208

Name of the Vulnerable Software and Affected Versions: zhanglun lettura versions up to 0.1.22. Description: A security issue exists in zhanglun lettura affecting the RSS Handler component and specifically the processing within the src/components/ArticleView/ContentRender.tsx file. This issue results...

CVSS 3.1 | AI score 6 | EPSS 0.00333
Exploits: 0 | References: 11
Fedora
added 2026/01/02 12:57 a.m. | 8 views

[SECURITY] Fedora 42 Update: webkitgtk-2.50.4-1.fc42

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 8.8 | AI score 7.9 | EPSS 0.32
Exploits: 14
Tenable Nessus
added 2026/01/02 12:0 a.m. | 5 views

Fedora 42 : webkitgtk (2025-3e5ba4315a)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3e5ba4315a advisory. Correctly handle the program name passed to the sleep disabler. Ensure GStreamer is initialized before using the Quirks. Fix several crashes and...

CVSS 8.8 | AI score 7.8 | EPSS 0.32
Exploits: 14 | References: 8
Positive Technologies
added 2026/01/01 12:0 a.m. | 5 views

PT-2026-6730

Name of the Vulnerable Software and Affected Versions: MuPDF versions 1.23.0 through 1.27.0. Description: MuPDF versions 1.23.0 through 1.27.0 have a double-free issue in the fz_fill_pixmap_from_display_list function during display list rendering. This occurs when an exception happens, causing the...

CVSS 5.9 | AI score 5.5 | EPSS 0.00477
Exploits: 1 | References: 16
Positive Technologies
added 2026/01/01 12:0 a.m. | 8 views

PT-2026-27715

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel’s drm/xe/queue functionality where a missing finalization call during queue initialization can lead to invalid memory references. Specifically, if queue...

AI score 5.9 | EPSS 0.00129
Exploits: 0 | References: 7
Positive Technologies
added 2026/01/01 12:0 a.m. | 3 views

PT-2026-6121

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic. When driver not support atomic, fb using plane->fb rather than plane->state->fb. (cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef)...

AI score 5.2 | EPSS 0.00155
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/01 12:0 a.m. | 7 views

PT-2026-27731

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains a flaw within the DRM client modeset probe function. Specifically, the modes variable in drm_client_modeset_probe may fail to allocate memory using kcalloc. If...

AI score 6 | EPSS 0.00121
Exploits: 0 | References: 8
Tenable Nessus
added 2025/12/31 12:0 a.m. | 0 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993099)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993099 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/meson: Fix refcount bugs in meson_vpu_has_available_connectors(). In this function, there are two...

CVSS 5.5 | AI score 6.1 | EPSS 0.00204
Exploits: 0 | References: 4