Qualcomm Chipsets Resource Management Error Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets have a resource management error vulnerability that stems from a potential memory corruption when rendering graphics using the Adreno GPU driver in Chrome...
Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...
ALSA-2025:8421 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...
VulnCheck KEV: CVE-2025-27038
Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome...
thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link
The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment (message/rfc822) and setting its content type to...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). CVE-2025-31204: improper memory handling when processing certain web content m...
An integer overflow vulnerability in the Poppler PDF rendering library allows attackers to cause a denial of service.
The vulnerability in the Poppler PDF rendering library is caused by an integer overflow in the PSStack::roll function. Exploiting this vulnerability could allow an attacker to cause a denial of service...
A vulnerability in the include() function of the Twig template engine allows attackers to bypass existing security restrictions.
The vulnerability in the include() function of the Twig template engine is related to a failure of data protection mechanisms. Exploiting this vulnerability could allow a remote attacker to bypass existing security restrictions...
A vulnerability in the adbe.pkcs7.sha1 component of the Poppler PDF rendering library allows an attacker to carry out a substitution attack.
The vulnerability in the adbe.pkcs7.sha1 component of the Poppler PDF rendering library is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow an attacker to carry out a substitution attack...
SUSE-SU-2025:01720-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website (bsc#1243282). - CVE-2025-31204: improper memory handling when processing certain web conte...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Cross-site Scripting (XSS)
Overview: DotNetNuke.Core provides references to DotNetNuke.dll for developing extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the rendering of inline SVG files. An attacker can execute arbitrary scripts in the context of the...
GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...
DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline
Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...
CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline
DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts, and if rendered inline, those scripts could run, allowing XSS attacks. Version 9.13.9 fixes the issue...
CVE-2024-52506
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...
CVE-2024-3911
An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...