
6660 matches found

OSV
added 2025/12/30 3:13 p.m., 1 view

GHSA-MGR9-6C2J-JXRQ Pterodactyl has a Reflected XSS vulnerability in “Create New Database Host”

Note: Message from the Pterodactyl team: The Pterodactyl team has evaluated this as a minor security issue but does not consider it something that should be assigned a CVE, nor does it require active patching by vulnerable systems. This issue is entirely self-inflicted and requires an...

5.1 CVSS, 5.9 AI score
Exploits: 0, References: 3
OSV
added 2025/12/30 1:16 p.m., 7 views

UBUNTU-CVE-2022-50884

In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field to attempt copying a NULL pointer. There are some struct drm_driver fields that are required by drivers since drm_copy_field attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible th...

5.7 AI score, 0.00196 EPSS
Exploits: 0, References: 12
Debian CVE
added 2025/12/30 12:34 p.m., 2 views

CVE-2022-50884

In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drm_copy_field to attempt copying a NULL pointer. There are some struct drm_driver fields that are required by drivers since drm_copy_field attempts to copy them to user-space via DRM_IOCTL_VERSION. But it can be possible th...

5.3 AI score, 0.00196 EPSS
Exploits: 0
Debian CVE
added 2025/12/30 12:15 p.m., 4 views

CVE-2022-50867

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Fix kvzalloc vs state_kcalloc usage. adreno_show_object is a trap! It will re-allocate the pointer it is passed on first call, when the data is ascii85 encoded, using kvmalloc/kvfree. Which means the data passed to it...

5.2 AI score, 0.00156 EPSS
Exploits: 0
OSV
added 2025/12/30 12:11 p.m., 4 views

CVE-2022-50847 drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe

In the Linux kernel, the following vulnerability has been resolved: drm/bridge: it6505: Initialize AUX channel in it6505_i2c_probe. During device boot, the HPD interrupt could be triggered before the DRM subsystem registers it6505 as a DRM bridge. In such cases, the driver tries to access AUX channe...

6.2 AI score, 0.00198 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2025/12/30 12:00 a.m., 9 views

PT-2025-54083

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s DRM/TTM subsystem where a resource could be leaked during eviction errors, specifically those other than -EMULTIHOP. The issue was addressed by...

7 AI score, 0.00168 EPSS
Exploits: 0
Positive Technologies
added 2025/12/30 12:00 a.m., 5 views

PT-2025-54120

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the DRM subsystem where the drm copy field function may attempt to copy a NULL pointer. This occurs when a driver has a bug and fails to set...

7.8 CVSS, 7.2 AI score, 0.00465 EPSS
Exploits: 2, References: 917
NVD
added 2025/12/29 3:16 p.m., 4 views

CVE-2025-65442

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1 CVSS, 0.00291 EPSS
Exploits: 1, References: 3
OSV
added 2025/12/29 3:16 p.m., 3 views

CVE-2025-65442

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1 CVSS, 5.9 AI score
Exploits: 0, References: 3
Positive Technologies
added 2025/12/29 12:00 a.m., 5 views

PT-2025-53724

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

6.1 CVSS, 6 AI score, 0.00291 EPSS
Exploits: 1, References: 4
Vulnrichment
added 2025/12/29 12:00 a.m., 2 views

CVE-2025-65442

DOM-based Cross-Site Scripting (XSS) vulnerability in 201206030 novel V3.5.0 allows remote attackers to execute arbitrary JavaScript code or disclose sensitive information (e.g., user session cookies) via a crafted "wvstest" parameter in the URL or malicious script injection into window.localStorage...

5.5 AI score, 0.00291 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2025/12/27 12:00 a.m., 5 views

SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2025:4528-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4528-1 advisory. Update to version 2.50.4. Security issues fixed: - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due...

8.8 CVSS, 7.1 AI score, 0.32 EPSS
Exploits: 14, References: 22
RedhatCVE
added 2025/12/26 6:54 p.m., 4 views

CVE-2025-68942

A flaw was found in Gitea. A remote attacker could exploit a Cross-Site Scripting (XSS) vulnerability by injecting malicious scripts into the search input box. This occurs because the application improperly uses v-html instead of v-text for rendering user input. Successful exploitation allows for t...

5.4 CVSS, 5.4 AI score, 0.00222 EPSS
Exploits: 0, References: 6
EUVD
added 2025/12/26 6:30 p.m., 7 views

EUVD-2005-4893

Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.php script. An authenticated user can inject arbitrary shell commands via the graph_start GET parameter, which is improperly handled during graph rendering. This flaw allows attackers to execute...

8.8 CVSS, 6.7 AI score, 0.01781 EPSS
Exploits: 1, References: 7
NVD
added 2025/12/26 4:15 p.m., 3 views

CVE-2024-29720

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...

6.2 CVSS, 0.00169 EPSS
Exploits: 1, References: 1
OSV
added 2025/12/26 4:15 p.m., 4 views

CVE-2024-29720

An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...

5.5 CVSS, 6.3 AI score
Exploits: 0, References: 1
OSV
added 2025/12/26 2:52 p.m., 2 views

SUSE-SU-2025:4528-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.50.4. Security issues fixed: - CVE-2025-14174: processing maliciously crafted web content may lead to memory corruption due to improper validation (bsc#1255497). - CVE-2025-43501: processing maliciously crafted web content m...

8.8 CVSS, 8.1 AI score, 0.32 EPSS
Exploits: 14, References: 15
Github Security Blog
added 2025/12/26 3:30 a.m., 6 views

Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4 CVSS, 6.4 AI score, 0.00222 EPSS
Exploits: 0, References: 5, Affected Software: 1
NVD
added 2025/12/26 3:15 a.m., 5 views

CVE-2025-68942

Gitea before 1.22.2 allows XSS because the search input box for creating tags and branches is v-html instead of v-text...

5.4 CVSS, 0.00222 EPSS
Exploits: 0, References: 3
CNNVD
added 2025/12/26 12:00 a.m., 7 views

Sciter Security Vulnerability

Sciter is a multi-platform scripting engine open-sourced by Terra Informatica Software, Inc. A security vulnerability exists in Sciter version 4.4.7.0, which stems from a flaw in the adopt component of Sciter's video rendering functionality that could allow a local attacker to obtain sensitive...

6.2 CVSS, 5.9 AI score, 0.00169 EPSS
Exploits: 1, References: 2