Cross-site Scripting (XSS)

Overview nicegui is a Create web-based user interfaces with Python. The nice way. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the ui.interactiveimage component when rendering SVG content using the v-html directive without sanitization. An attacker can execute...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Proof-of-Concept This repository contains a Pr...

DEBIAN-CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

UBUNTU-CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

CVE-2025-40304

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: fbdev: Add bounds checking in bitputcs to fix vmalloc-out-of-bounds Add bounds checking to prevent writes past framebuffer boundaries when rendering text near screen edges. Return early if the Y position is off-screen and clip...

CVE-2025-40304

CVE-2025-40304: Linux kernel fbdev rendering bounds check added for bit_putcs to prevent vmalloc-out-of-bounds writes when clipping framebuffer text at screen edges. The fix clips Y off-screen, adjusts image height, breaks on off-screen X, and updates the character count when clipping width to av...

Fedora 43 : webkitgtk (2025-b07cd2cae2)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-b07cd2cae2 advisory. Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947, CVE-2025-43458,...

[SECURITY] Fedora 43 Update: webkitgtk-2.50.3-1.fc43

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

AZL-71662 CVE-2025-40289 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash...

CVE-2025-66562

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

drm/amdkfd: Fix double release compute pasid

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from drm panthor not properly flushing shmem writes, which could lead to a data leak...

CVE-2025-66562

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVE-2025-34258

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/devicemap/plan endpoint. When an authenticated user adds an area to a map entry, the name parameter is stored and later rendered in the map list without HTML sanitization. A...

CVE-2025-34257

Advantech WISE-DeviceOn Server versions prior to 5.4 contain a stored cross-site scripting XSS vulnerability in the /rmm/v1/action/defined endpoint. When an authenticated user creates a task, the definedname value is stored and later rendered in the Overview page without HTML sanitization. An...

CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...

CVE-2025-66562

TUUI is a desktop MCP client vulnerable before version 1.3.4 to remote code execution via an unsafe XSS in the Markdown rendering component. Arbitrary JavaScript can execute within ECharts code blocks, and an exposed IPC interface that can spawn processes enables system commands on a victim’s mac...

EUVD-2025-201459

TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution RCE vulnerability exists in Tuui due to an unsafe Cross-Site Scripting XSS flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...