Fedora 41 : webkitgtk (2025-04c193ecfe)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-04c193ecfe advisory. Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on Instagram. Fix rendering of layers with fractional transforms. F...
CVE-2025-47932
Combodo iTop (web-based IT service management) is affected. Affected versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when rendering dashboards via AJAX. Root cause: insufficient sanitization of the variable used during the dashboard render. The issue is addressed in vers...
CVE-2025-47773 Combodo iTop has XSS vulnerability in /pages/ajax.render.php
Combodo iTop is a web-based IT service management tool. Versions prior to 2.7.13 and 3.2.2 are vulnerable to cross-site scripting when a dashboard is edited via an AJAX call. Versions 2.7.13 and 3.2.2 protect rendered HTML content...
PT-2025-46185
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 2.7.13 and 3.2.2. Description: Combodo iTop, a web-based IT service management tool, is susceptible to a cross-site scripting issue when a dashboard is rendered via an AJAX call. The issue occurs when rendering a...
CVE-2025-63714
Cross-Site Scripting (XSS) vulnerability in SourceCodester User Account Generator 1.0 allows remote attackers to execute arbitrary JavaScript code in the context of the user's browser session via crafted input in the Username Prefix field. The vulnerability exists due to improper sanitization of...
CVE-2025-63713
Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test...
CVE-2025-63714
SourceCodester User Account Generator 1.0 contains a Cross‑Site Scripting (XSS) vulnerability in the Username Prefix field. The root cause is improper sanitization of user input when rendering generated account data to the DOM, allowing persistent injection of malicious HTML elements that execute...
Fedora 43 : webkitgtk (2025-452a101260)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-452a101260 advisory. Update to WebKitGTK 2.50.1: Improve text rendering performance. Fix audio playback broken on Instagram. Fix rendering of layers with fractional transforms. F...
[SECURITY] Fedora 42 Update: qt5-qtsvg-5.15.18-1.fc42
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...
[SECURITY] Fedora 42 Update: qt5-qt3d-5.15.18-1.fc42
Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989423)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989423 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference. In tpg110_get_modes, the return...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990198)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990198 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes. In nv17_tv_get_ld_modes, the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990311)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990311 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/komeda: check for error-valued pointer. komeda_pipeline_get_state may return an error-valued...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988974)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988974 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected. There is a...
Cross-site Scripting (XSS)
@lobehub/cha is vulnerable to Cross-Site Scripting (XSS). The vulnerability stems from unsafe SVG rendering: SVGRenderer uses dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: Signal scheduling fence when killing a job. When an entity from application B is killed, the function drm_sched_entity_kill removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work. If the job of...
EUVD-2025-37401
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...
CVE-2025-62618
ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or...