6676 matches found
NiceGUI has a Reflected XSS
Summary: A Cross-Site Scripting (XSS) risk exists in NiceGUI when developers render unescaped user input into the DOM using ui.html. Before version 3.0, NiceGUI does not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.input with ui.html without...
UBUNTU-CVE-2025-10728
When the module renders an SVG file that contains a pattern element, it might end up rendering it recursively, leading to a stack overflow DoS...
drm/amdkfd: range check cp bad op exception interrupts
...
[SECURITY] Fedora 43 Update: webkitgtk-2.50.0-2.fc43
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
Qt security vulnerability
Qt is a cross-platform application development framework from the Qt open source project. A security vulnerability exists in Qt that stems from possible recursive rendering when rendering SVG files containing pattern elements, which could lead to a stack overflow denial of service...
PT-2025-40459
Name of the Vulnerable Software and Affected Versions: Cursor versions 1.6 and below. Description: Cursor, a code editor for programming with AI, has an issue where Mermaid, used for rendering diagrams, allows embedding images. This can be exploited to exfiltrate sensitive information to a third-par...
Fedora 43 : webkitgtk (2025-793513dcf7)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-793513dcf7 advisory. Update to 2.50.0: Improved rendering performance by recording each layer once and replaying every dirty region in different worker threads. Enable damage...
GHSA-HG3J-6PMH-MVJR Fiora chat user avatar is vulnerable to XSS via SVG files
Cross Site Scripting XSS vulnerability in Fiora chat application 1.0.0 allows arbitrary JavaScript execution when malicious SVG files are rendered by other users...
UBUNTU-CVE-2022-50440
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor. Invalid userspace DMA surface copies could potentially overflow the memcpy from the surface to the snooped image, leading to crashes. To fix it, the dimensions of the copybox...
PT-2025-40122
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel's DRM/MSM/HDMI subsystem. Specifically, a missing sanity check on the bridge counter can lead to memory corruption when there are more than eight bridge...
CVE-2025-56514
Cross-Site Scripting (XSS) vulnerability in Fiora chat application 1.0.0 allows execution of arbitrary JavaScript when malicious SVG files are rendered by other users...
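The two SVG failure modes these entries describe, script-carrying SVG rendered inline for other users (the Fiora entries) and pattern elements that reference each other until the renderer recurses off its stack (the Qt entry), can both be screened before an upload is accepted. The following is an added example written for this page, not code from Fiora, Qt or any advisory above; the SVG samples are constructed, and the function names (find_active_content, pattern_reference_cycle, svg_upload_problems) are hypothetical:

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: an "avatar" carrying a script element, an inline event
# handler and a javascript: link, the shape of upload the Fiora advisory names.
XSS_AVATAR = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle cx="10" cy="10" r="5" onload="alert(1)"/>
  <a xlink:href="javascript:alert(2)"><text>hi</text></a>
  <script>alert(3)</script>
</svg>"""

# Constructed sample: two patterns that fill each other, so a renderer that
# expands pattern fills eagerly never terminates (the Qt entry's shape).
RECURSIVE_PATTERN = """<svg xmlns="http://www.w3.org/2000/svg">
  <defs>
    <pattern id="a" width="10" height="10"><rect width="10" height="10" fill="url(#b)"/></pattern>
    <pattern id="b" width="10" height="10"><rect width="10" height="10" fill="url(#a)"/></pattern>
  </defs>
  <rect width="100" height="100" fill="url(#a)"/>
</svg>"""

BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle cx="5" cy="5" r="3"/></svg>'

URL_REF = re.compile(r"url\(\s*['\"]?#([^'\")\s]+)")


def _local(qname):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return qname.rsplit("}", 1)[-1]


def find_active_content(svg_text):
    """List the script-capable constructs in an SVG document.

    Checks <script>, <foreignObject>, on* event-handler attributes and
    javascript: hrefs (both plain and xlink:href). This is a screen, not a
    full sanitizer: serving user SVG as an <img> or behind a CSP is still the
    real fix.
    """
    findings = []
    for el in ET.fromstring(svg_text).iter():
        name = _local(el.tag)
        if name in ("script", "foreignObject"):
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = _local(attr)
            if aname.lower().startswith("on"):
                findings.append(f"event handler {aname} on <{name}>")
            if aname == "href" and re.match(r"\s*javascript:", value, re.I):
                findings.append(f"javascript: URL on <{name}>")
    return findings


def _ref_targets(el):
    """Ids an element references via fill/stroke url(#id), style, or href="#id"."""
    targets = set()
    for attr, value in el.attrib.items():
        aname = _local(attr)
        if aname in ("fill", "stroke"):
            m = URL_REF.match(value.strip())
            if m:
                targets.add(m.group(1))
        elif aname == "href" and value.startswith("#"):
            targets.add(value[1:])
    for m in URL_REF.finditer(el.attrib.get("style", "")):
        targets.add(m.group(1))
    return targets


def pattern_reference_cycle(svg_text):
    """Return a list of pattern ids forming a reference cycle, or None.

    Builds a directed graph pattern -> patterns it fills with (or inherits
    from via href) and runs a DFS with grey/black colouring to find a cycle.
    A self-filling pattern comes back as [id, id].
    """
    root = ET.fromstring(svg_text)
    patterns = {el.get("id"): el for el in root.iter()
                if _local(el.tag) == "pattern" and el.get("id")}
    graph = {}
    for pid, pel in patterns.items():
        refs = set()
        for sub in pel.iter():  # includes the pattern element itself (href inheritance)
            refs |= _ref_targets(sub)
        graph[pid] = {r for r in refs if r in patterns}
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {p: WHITE for p in graph}
    stack = []

    def dfs(node):
        colour[node] = GREY
        stack.append(node)
        for nxt in sorted(graph[node]):
            if colour[nxt] == GREY:
                return stack[stack.index(nxt):] + [nxt]
            if colour[nxt] == WHITE:
                cyc = dfs(nxt)
                if cyc:
                    return cyc
        stack.pop()
        colour[node] = BLACK
        return None

    for p in sorted(graph):
        if colour[p] == WHITE:
            cyc = dfs(p)
            if cyc:
                return cyc
    return None


def svg_upload_problems(svg_text):
    """Combined upload check: every reason to reject, empty list means accept."""
    problems = list(find_active_content(svg_text))
    cyc = pattern_reference_cycle(svg_text)
    if cyc:
        problems.append("recursive pattern reference: " + " -> ".join(cyc))
    return problems


if __name__ == "__main__":
    for label, doc in (("xss", XSS_AVATAR), ("recursive", RECURSIVE_PATTERN), ("benign", BENIGN)):
        print(label, svg_upload_problems(doc))
```

Two caveats a practitioner should keep in mind: xml.etree does not defend against entity-expansion attacks on its own, so untrusted XML is better parsed through defusedxml (an assumption about deployment, not something the advisories state), and the cycle check only follows fill, stroke, style and href references, so a renderer that expands other reference types (markers, masks, clip paths) would need those edges added to the graph.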
RHEL 8 : kernel (RHSA-2025:17009)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17009 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/vkms: Fix use after free...
PT-2025-39839
Name of the Vulnerable Software and Affected Versions: Mealie versions prior to 3.0.1. Description: The software is susceptible to Cross-Site Scripting (XSS) within the recipe creation feature. User-provided data in the "note" and "text" fields is not adequately sanitized before being displayed on the...
Linux Distros Unpatched Vulnerability : CVE-2025-55780
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A null pointer dereference occurs in the function break_word_for_overflow_wrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function...
CVE-2025-59842
jupyterlab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook Architecture. Prior to version 4.4.8, links generated with LaTeX typesetters in Markdown files and Markdown cells in JupyterLab and Jupyter Notebook did not include the noopener...
MAL-2025-47634 Malicious code in com.unity.rendering.hybrid (npm)
CVE-2025-60249
CVE-2025-60249 affects vulnerability-lookup 2.16.0 and enables XSS via Bundles, Comments, and Sightings components (bundle.py, comment.py, user.py). The root cause is unsafe handling of user-supplied input, with untrusted data rendered in templates/tables due to innerHTML usage and insufficient v...
CVE-2025-59821 DNN vulnerable to Reflected Cross-Site Scripting (XSS) using url to profile
DNN, formerly DotNetNuke, is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, DNN's URL/path handling and template rendering can allow specially crafted input to be reflected into a user profile that is returned to the browser. In these cases,...
CVE-2025-55780
A null pointer dereference occurs in the function break_word_for_overflow_wrap in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulti...