6661 matches found
PYSEC-2025-154
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
CVE-2025-13742
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML i...
drm/meson: remove drm bridges at aggregate driver unbind time
...
PT-2025-48262
Name of the Vulnerable Software and Affected Versions pretix affected versions not specified Description The software allows the use of placeholders in email templates that are populated with customer data, such as the attendee's name. If a customer's name contains HTML or Markdown formatting, th...
Cross-Site Scripting (XSS)
nicegui is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the framework not sanitizing HTML or JavaScript when rendering unescaped user input through ui.html, which allows an attacker to execute arbitrary JavaScript in a user’s browser...
PT-2025-48112
Stored Cross-Site Scripting via XML Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Stored XSS via crafted filenames injected into patchlist.xml. User-controlled filenames a...
Caido 注入漏洞
Caido is an application from Caido open source. Designed to help security professionals and enthusiasts audit web applications efficiently and easily. An injection vulnerability exists in versions prior to Caido 0.53.0 that stems from mishandling of the Markdown renderer, which could result in an...
Gitlab -- vulnerabilities
Gitlab reports: Race condition issue in CI/CD cache impacts GitLab CE/EE Denial of Service issue in JSON input validation middleware impacts GitLab CE/EE Authentication bypass issue in account registration impacts GitLab CE/EE Denial of Service issue in HTTP response processing impacts GitLab CE/...
SUSE SLES12: cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc (SUSE-SU-2025:4189-1)
The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4189-1 advisory. The SUSE Linux Enterprise 12 SP5 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2021-4460:...
Fedora 43 : webkitgtk (2025-6f3e9e3af6)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6f3e9e3af6 advisory. Prevent unsafe URI schemes from participating in media playback. Make jscvaluearraybuffergetdata function introspectable. Fix logging in to Google...
RLSA-2025:21037 Important: qt6-qtsvg security update
Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fixes: qtsvg: Use-after-free vulnerability in Qt SVG CVE-2025-10729 For more details...
EUVD-2025-198309
SOPlanning is vulnerable to Stored XSS in /groupeform endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-62296 Stored XSS in SOPlanning
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor. This issue was fixed in version 1.55...
CVE-2025-52639
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
Cross-site Scripting (XSS)
org.opencastproject:opencast-common is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unfiltered rendering of user-supplied metadata in the paella player, which allows an attacker with write access to inject malicious HTML or JavaScript that executes in viewers’ browsers...
EUVD-2025-198064
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
CVE-2025-52639
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
CVE-2025-52639
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
CVE-2025-52639 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...
CVE-2025-52639 HCL Connections is vulnerable to sensitive information disclosure
HCL Connections is vulnerable to a sensitive information disclosure vulnerability which could allow a user to obtain sensitive information they are not entitled to, caused by improper rendering of application data...