
6660 matches found

CNNVD
added 2025/12/19 12:0 a.m. | 3 views

Mintlify Security Vulnerability

Mintlify is an AI-driven documentation platform from US-based Mintlify. A security vulnerability exists in versions of Mintlify prior to 2025-11-15 that stems from server-side template injection in the MDX Rendering Engine and could lead to the execution of arbitrary code...

CVSS 9.8 | AI score 7.2 | EPSS 0.01055
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/19 12:0 a.m. | 4 views

PT-2025-52433

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Trusted Certificates feature. A crafted payload can be injected as the certificate name, which is later rendered into the DOM without proper sanitization. As a result, the injected script executes each time t...

CVSS 6.3 | AI score 5.7 | EPSS 0.001
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/19 12:0 a.m. | 4 views

PT-2025-52431

A stored cross-site scripting (XSS) vulnerability exists in pdfonline.foxit.com within the Layer Import functionality. A crafted payload can be injected into the “Create new Layer” field during layer import and is later rendered into the DOM without proper sanitization. As a result, the injected...

CVSS 6.3 | AI score 5.7 | EPSS 0.0015
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/19 12:0 a.m. | 3 views

Fedora 43 : webkitgtk (2025-96a708ea95)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-96a708ea95 advisory. Correctly handle the program name passed to the sleep disabler. Ensure GStreamer is initialized before using the Quirks. Fix several crashes and...

CVSS 8.8 | AI score 7.8 | EPSS 0.32
Exploits: 14 | References: 8

RedhatCVE
added 2025/12/18 11:36 p.m. | 4 views

CVE-2025-14202

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

CVSS 8.2 | AI score 7.1 | EPSS 0.00256
Exploits: 0 | References: 1

Snyk
added 2025/12/18 8:46 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNet.Mvc5.Libraries contains the assemblies required to use the Kentico Xperience API in class libraries developed for ASP.NET MVC 5 applications. It does not include content items or other modifications intended for the MVC web application itself. Affected versions of this...

CVSS 5.4 | AI score 5.4 | EPSS 0.00138
Exploits: 0 | References: 2

Snyk
added 2025/12/18 8:46 p.m. | 5 views

Cross-site Scripting (XSS)

Overview: Kentico.Xperience.AspNetCore.WebApp contains the assemblies and content items required to integrate Kentico Xperience into ASP.NET Core applications. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the CheckBox.cshtml view rendering. An attacker can execute...

CVSS 5.4 | AI score 5.4 | EPSS 0.00138
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:0 a.m. | 6 views

PT-2025-52404

Name of the Vulnerable Software and Affected Versions: Mintlify Platform versions prior to 2025-11-15. Description: A Server-Side Template Injection (SSTI) flaw exists in the MDX Rendering Engine of Mintlify Platform. This issue allows remote attackers to execute arbitrary code through inline JSX...

CVSS 8.3 | AI score 7.6 | EPSS 0.01055
Exploits: 1 | References: 11

Vulnrichment
added 2025/12/17 11:35 p.m. | 3 views

CVE-2025-14202 Cross-Site Request Forgery (CSRF) Leading to Account Takeover via SVG File Upload

A vulnerability in the file upload at bookmark + asset rendering pipeline allows an attacker to upload a malicious SVG file with JavaScript content. When an authenticated admin user views the SVG file with embedded JavaScript code of shared bookmark, JavaScript executes in the admin’s browser,...

CVSS 8.2 | AI score 6.7 | EPSS 0.00256
Exploits: 0 | References: 1

Fedora
added 2025/12/17 1:14 a.m. | 4 views

[SECURITY] Fedora 43 Update: assimp-6.0.2-4.fc43

Assimp, the Open Asset Import Library, is a free library to import various well-known 3D model formats into applications. Assimp aims to provide a full asset conversion pipeline for use in game engines and real-time rendering systems, but is not limited to these applications...

CVSS 7.8 | AI score 7 | EPSS 0.00219
Exploits: 1

RedhatCVE
added 2025/12/17 12:55 a.m. | 8 views

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

CVSS 9.6 | AI score 6.9 | EPSS 0.00527
Exploits: 1 | References: 1

OSV
added 2025/12/16 4:16 p.m. | 2 views

UBUNTU-CVE-2025-68314

In the Linux kernel, the following vulnerability has been resolved: drm/msm: make sure last_fence is always updated. Update last_fence in the vm-bind path instead of kernel managed path. last_fence is used to wait for work to finish in vmbind contexts but not used for kernel managed contexts. This...

AI score 5.7 | EPSS 0.00145
Exploits: 0 | References: 10

Cvelist
added 2025/12/16 3:39 p.m. | 25 views

CVE-2025-68314 drm/msm: make sure last_fence is always updated

In the Linux kernel, the following vulnerability has been resolved: drm/msm: make sure last_fence is always updated. Update last_fence in the vm-bind path instead of kernel managed path. last_fence is used to wait for work to finish in vmbind contexts but not used for kernel managed contexts. This...

EPSS 0.00145
Exploits: 0 | References: 2

OSV
added 2025/12/16 3:39 p.m. | 2 views

CVE-2025-68314 drm/msm: make sure last_fence is always updated

In the Linux kernel, the following vulnerability has been resolved: drm/msm: make sure last_fence is always updated. Update last_fence in the vm-bind path instead of kernel managed path. last_fence is used to wait for work to finish in vmbind contexts but not used for kernel managed contexts. This...

AI score 6.3 | EPSS 0.00145
Exploits: 0 | References: 5

EUVD
added 2025/12/16 3:30 p.m. | 3 views

EUVD-2025-203689

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind. Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the unbind operation. cherry pick...

AI score 6 | EPSS 0.00166
Exploits: 0 | References: 4

NVD
added 2025/12/16 2:15 p.m. | 4 views

CVE-2025-40360

In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset. The plane state in drm_gem_reset_shadow_plane can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plane-state to NULL. v2: - fix...

EPSS 0.00173
Exploits: 0 | References: 6

NVD
added 2025/12/16 1:15 a.m. | 7 views

CVE-2025-67744

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

CVSS 9.6 | EPSS 0.00527
Exploits: 1 | References: 2

EUVD
added 2025/12/16 12:42 a.m. | 4 views

EUVD-2025-203488

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...

CVSS 9.6 | AI score 6.4 | EPSS 0.00527
Exploits: 1 | References: 2

CNNVD
added 2025/12/16 12:0 a.m. | 2 views

DeepChat Code Injection Vulnerability

DeepChat is an intelligent assistant open-sourced by ThinkInAIXYZ. A code injection vulnerability exists in DeepChat versions prior to 0.5.3, which stems from a cross-site scripting issue in the Mermaid chart rendering component that could lead to remote code execution...

CVSS 9.6 | AI score 7.4 | EPSS 0.00527
Exploits: 1 | References: 3

CNNVD
added 2025/12/16 12:0 a.m. | 4 views

Inaba Denki Sangyo CHOCO TEI WATCHER mini Security Vulnerability

Inaba Denki Sangyo CHOCO TEI WATCHER mini is a series of surveillance cameras from Inaba Denki Sangyo. A security vulnerability exists in Inaba Denki Sangyo CHOCO TEI WATCHER mini, which stems from an improperly restricted rendering UI layer or framework, which could result in the execution of...

CVSS 6.1 | AI score 5.2 | EPSS 0.00159
Exploits: 0 | References: 2