
6680 matches found

CNNVD
added 2025/06/03 12:0 a.m. | 4 views

Qualcomm Chipsets Resource Management Error Vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. The Qualcomm Chipsets have a resource management error vulnerability that stems from a potential memory corruption when rendering graphics using the Adreno GPU driver in Chrome...

7.5 CVSS | 9.1 AI score | 0.00802 EPSS
Exploits: 0 | References: 2
AlmaLinux
added 2025/06/03 12:0 a.m. | 2 views

Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow CVE-2025-27832 For more details...

9.8 CVSS | 8.1 AI score | 0.00806 EPSS
Exploits: 0 | References: 4
OSV
added 2025/06/03 12:0 a.m. | 5 views

ALSA-2025:8421 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow CVE-2025-27832 For more details...

9.8 CVSS | 8.2 AI score | 0.00806 EPSS
Exploits: 0 | References: 4
VulnCheck KEV
added 2025/06/02 12:0 a.m. | 3 views

VulnCheck KEV: CVE-2025-27038

Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome...

7.5 CVSS | 5.8 AI score | 0.00802 EPSS
Exploits: 0 | References: 1
RedHat Linux
added 2025/05/29 10:57 p.m. | 4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1 CVSS | 7.5 AI score | 0.00363 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/05/29 9:30 p.m. | 3 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1 CVSS | 7.5 AI score | 0.00363 EPSS
Exploits: 0 | References: 5
SUSE Linux
added 2025/05/29 12:38 p.m. | 2 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...

8.8 CVSS | 8.2 AI score | 0.01198 EPSS
Exploits: 0 | References: 36
BDU FSTEC
added 2025/05/28 12:0 a.m. | 5 views

The vulnerability of Poppler’s PDF file rendering library, related to integer overflow, allows attackers to cause service interruptions.

The vulnerability of the Poppler library for displaying PDF files is related to a numerical overflow in the PSStack::roll function. Exploiting this vulnerability could allow an attacker to cause a service failure...

4 CVSS | 6.6 AI score | 0.00216 EPSS
Exploits: 1 | References: 13 | Affected Software: 8
BDU FSTEC
added 2025/05/28 12:0 a.m. | 5 views

The vulnerability of the include() function in Twig template rendering handlers allows attackers to circumvent existing security restrictions.

The vulnerability of the include function in Twig template rendering engines is related to a breach of data protection mechanisms. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions remotely...

8.6 CVSS | 7.7 AI score | 0.00826 EPSS
Exploits: 0 | References: 7 | Affected Software: 4
BDU FSTEC
added 2025/05/28 12:0 a.m. | 4 views

The vulnerability of the adbe.pkcs7.sha1 component of the Poppler PDF rendering library allows an attacker to execute an attack by replacing it.

The vulnerability of the adbe.pkcs7.sha1 component of the Poppler PDF rendering library is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow an attacker to carry out a substitution attack...

4.3 CVSS | 5.8 AI score | 0.00092 EPSS
Exploits: 0 | References: 12 | Affected Software: 7
SUSE Linux
added 2025/05/27 1:54 p.m. | 2 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. CVE-2025-31204: improper memory handling when processing certain web content m...

8.8 CVSS | 7.5 AI score | 0.01028 EPSS
Exploits: 0 | References: 32
OSV
added 2025/05/27 1:54 p.m. | 1 views

SUSE-SU-2025:01720-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.48.2. Security issues fixed: - CVE-2025-31205: lack of checks may lead to cross-origin data exfiltration through a malicious website bsc1243282. - CVE-2025-31204: improper memory handling when processing certain web conte...

8.8 CVSS | 7.1 AI score | 0.01028 EPSS
Exploits: 0 | References: 17
RedHat Linux
added 2025/05/27 12:28 p.m. | 4 views

thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link

The Mozilla Foundation's Security Advisory describes the following issue: Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to...

8.1 CVSS | 7.5 AI score | 0.00363 EPSS
Exploits: 0 | References: 5
RedHat Linux
added 2025/05/27 7:26 a.m. | 28 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

8.8 CVSS | 6.5 AI score | 0.0079 EPSS
Exploits: 0 | References: 1
Snyk
added 2025/05/23 4:58 p.m. | 1 views

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the rendering of inline SVG files. An attacker can execute arbitrary scripts in the context of the...

6.1 CVSS | 5.5 AI score | 0.00244 EPSS
Exploits: 0 | References: 2
OSV
added 2025/05/23 4:58 p.m. | 3 views

GHSA-M4HF-FXCG-CP34 DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

6.1 CVSS | 6.2 AI score | 0.00244 EPSS
Exploits: 0 | References: 4
Github Security Blog
added 2025/05/23 4:58 p.m. | 16 views

DNN allows Stored Cross-Site Scripting (XSS) with svg files rendered inline

Uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks...

6.1 CVSS | 6 AI score | 0.00244 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2025/05/23 3:39 p.m. | 47 views

CVE-2025-48378 Dnn.Platform vulnerable to Stored Cross-Site Scripting (XSS) with svg files rendered inline

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue...

6.1 CVSS | 0.00244 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/23 10:38 a.m. | 5 views

CVE-2024-52506

Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included i...

7.1 CVSS | 6.4 AI score | 0.00624 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 10:19 a.m. | 6 views

CVE-2024-3911

An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames...

6.5 CVSS | 7.2 AI score | 0.00456 EPSS
Exploits: 0