6660 matches found
CVE-2024-29720
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...
CVE-2024-29720
CVE-2024-29720 concerns Sciter v4.4.7.0 from Terra Informatica Software. The vulnerability stems from the adopt component of Sciter's video rendering function, allowing a local attacker to obtain sensitive information. Affected product: Sciter 4.4.7.0; root cause: flaw in adopt path of video rend...
EUVD-2024-26718
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...
PT-2025-53597
Name of the Vulnerable Software and Affected Versions Sciter version 4.4.7.0 Description An issue exists that allows a local attacker to obtain sensitive information through the adopt component of the Sciter video rendering function. Recommendations At the moment, there is no information about a...
CVE-2024-29720
An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sensitive information via the adopt component of the Sciter video rendering function...
SUSE CVE-2023-54091
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drmclienttargetcloned dmtmode is allocated and never freed in this function. It was found with the ast driver, but most drivers using generic fbdev setup are probably affected. This fixes the...
Apache Airflow Information Disclosure Vulnerability (CNVD-2026-00003)
Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow suffers from an information disclosure vulnerability th...
CVE-2023-54018
CVE-2023-54018 — Linux kernel : The vulnerability resides in drm/msm/hdmi where alloc_ordered_workqueue may return NULL. The code fails to check this return value, leading to NULL pointer dereferences in hdmi_hdcp.c and hdmi_hpd.c. Public docs (Linux kernel patch notes and vendor advisories such ...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drmclienttargetcloned function not freeing dmtmode, which could lead to a memory leak...
CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...
PT-2025-52863
Name of the Vulnerable Software and Affected Versions 5ire versions 0.15.2 and prior Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A remote code execution issue exists in the useMarkdown.ts file due to the markdown-it-mermaid...
CVE-2025-68326
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...
RHEL 8 : webkit2gtk3 (RHSA-2025:23742)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23742 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkit: WebKitGTK / WPE WebKit:...
📄 Adobe DNG SDK Missing Validation Out-Of-Bounds Read
An out of bounds read vulnerability exists in Adobe DNG SDK versions prior to 1.7.1.2410 due to improper handling of raw images containing exactly two color planes fSrcPlanes = 2. The flaw occurs during image rendering when the SDK assumes a four-plane layout and reads memory beyond the allocated...
CVE-2025-66501
A stored cross-site scripting XSS vulnerability exists in pdfonline.foxit.com within the Predefined Text feature of the Foxit eSign section. A crafted payload can be stored via the Identity “First Name” field, which is later rendered into the DOM without proper sanitization. As a result, the...
CVE-2025-67843
A Server-Side Template Injection SSTI vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file...
CVE-2025-66580
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...
CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...
CVE-2025-66580 Dive has Cross-Site Scripting vulnerability that can escalate to Remote Code Execution
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting XSS vulnerability exists in versions prior to 0.11.1 in the Mermaid diagram rendering component. The application allows the execution of arbitrary...
CVE-2025-66580
CVE-2025-66580 affects the Dive open-source MCP Host Desktop Application. Versions prior to 0.11.1 contain a critical Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram rendering component that allows execution of arbitrary JavaScript via the javascript: URI. An attacker could...