6682 matches found

Github Security Blog
added 2025/07/14 9:40 p.m. | 10 views

XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact: The XHTML syntax depended on the xdom+xml/current syntax, which allows the creation of raw blocks that permit the insertion of arbitrary HTML content, including JavaScript. This allows XSS attacks for users who can edit a document like their user profile (enabled by default). The attack works ...

9 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/07/14 9:40 p.m. | 9 views

GHSA-W3WH-G4M9-783P XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact: The XHTML syntax depended on the xdom+xml/current syntax, which allows the creation of raw blocks that permit the insertion of arbitrary HTML content, including JavaScript. This allows XSS attacks for users who can edit a document like their user profile (enabled by default). The attack works ...

9 CVSS | 5.9 AI score | 0.00325 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2025/07/14 12:00 a.m. | 4 views

PT-2025-50550

Name of the Vulnerable Software and Affected Versions: XWiki versions 16.10.9 and below, 17.0.0-rc-1 through 17.4.2, and 17.5.0-rc-1 through 17.5.0. Description: The XWiki Rendering system lacks sufficient protection against /html injection. This allows attackers to achieve remote code execution (RCE)...

9 CVSS | 8.2 AI score | 0.0086 EPSS
Exploits: 1 | References: 12

CNNVD
added 2025/07/14 12:00 a.m. | 2 views

XWiki Rendering Security Vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions prior to 4.2-milestone-1, prior to 13.10.11, prior to...

9.9 CVSS | 6.5 AI score | 0.00525 EPSS
Exploits: 1 | References: 6

CNNVD
added 2025/07/14 12:00 a.m. | 3 views

XWiki Rendering Security Vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions prior to 5.4.5 through 14.10, which stems from the XHTML...

9 CVSS | 5.8 AI score | 0.00325 EPSS
Exploits: 0 | References: 5

Microsoft CVE
added 2025/07/11 7:00 a.m. | 2 views

drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1

...

5.5 CVSS | 6.8 AI score | 0.00129 EPSS
Exploits: 0

Microsoft CVE
added 2025/07/11 7:00 a.m. | 4 views

drm/amd/display: check stream id dml21 wrapper to get plane_id

...

7.8 CVSS | 7 AI score | 0.00142 EPSS
Exploits: 0

Microsoft CVE
added 2025/07/11 7:00 a.m. | 3 views

drm/amd/pm: Prevent division by zero

...

5.5 CVSS | 7.2 AI score | 0.00165 EPSS
Exploits: 0

Microsoft CVE
added 2025/07/11 7:00 a.m. | 0 views

drm/amd/pm: Prevent division by zero

...

5.5 CVSS | 7.2 AI score | 0.00165 EPSS
Exploits: 0

Tenable Nessus
added 2025/07/10 12:00 a.m. | 10 views

Amazon Linux 2023 : tigervnc, tigervnc-icons, tigervnc-license (ALAS2023-2025-1060)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1060 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...

7.8 CVSS | 6.4 AI score | 0.00361 EPSS
Exploits: 0 | References: 14

Amazon
added 2025/07/10 12:00 a.m. | 8 views

Medium: tigervnc

Issue Overview: A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash. (CVE-2025-49175) A flaw was found in the Big Requests extension. The reque...

7.8 CVSS | 6.8 AI score | 0.00361 EPSS
Exploits: 0

Tenable Nessus
added 2025/07/10 12:00 a.m. | 9 views

Amazon Linux 2023 : xorg-x11-server-common, xorg-x11-server-devel, xorg-x11-server-source (ALAS2023-2025-1061)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1061 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and...

7.8 CVSS | 6.4 AI score | 0.00361 EPSS
Exploits: 0 | References: 14

Tenable Nessus
added 2025/07/10 12:00 a.m. | 9 views

Amazon Linux 2 : tigervnc (ALAS-2025-2917)

The version of tigervnc installed on the remote host is prior to 1.8.0-24. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2917 advisory. A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the serve...

7.8 CVSS | 6.4 AI score | 0.00299 EPSS
Exploits: 0 | References: 12

Tenable Nessus
added 2025/07/09 12:00 a.m. | 5 views

RHEL 9 : kernel (RHSA-2025:10701)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10701 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: usb: hub: Guard against...

7.8 CVSS | 7.1 AI score | 0.0027 EPSS
Exploits: 0 | References: 39

RedHat Linux
added 2025/07/07 12:25 p.m. | 4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/07/07 8:13 a.m. | 5 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/07/07 7:29 a.m. | 6 views

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support - EXTENSION. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7.8 CVSS | 6.9 AI score | 0.00299 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2025/07/07 7:28 a.m. | 5 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/07/07 7:26 a.m. | 8 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits: 0 | References: 7

RedHat Linux
added 2025/07/07 7:26 a.m. | 4 views

xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash...

6.1 CVSS | 5.7 AI score | 0.00279 EPSS
Exploits: 0 | References: 7