
6685 matches found

RedhatCVE
added 2025/05/23 4:34 a.m. | 7 views

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup (Ctrl+Shift+V) the...

5.4 CVSS | 6.7 AI score | 0.00571 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 4:5 a.m. | 7 views

CVE-2023-37908

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. The cleaning of attributes during XHTML rendering, introduced in version 14.6-rc-1, allowed the injection of arbitrary HTML code and thus cross-site scripting via invalid attribute...

9.6 CVSS | 6.7 AI score | 0.01058 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 3:50 a.m. | 5 views

CVE-2023-32763

An issue was discovered in Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1. When a SVG file with an image inside it is rendered, a QTextLayout buffer overflow can be triggered...

7.5 CVSS | 7.2 AI score | 0.01287 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/05/23 3:48 a.m. | 7 views

CVE-2023-32070

XWiki Platform is a generic wiki platform. Prior to version 14.6-rc-1, HTML rendering didn't check for dangerous attributes/attribute values. This allowed cross-site scripting (XSS) attacks via attributes and link URLs, e.g., supported in XWiki syntax. This has been patched in XWiki 14.6-rc-1. Ther...

9 CVSS | 5.6 AI score | 0.00652 EPSS
Exploits 0 | References 1
Fedora
added 2025/05/23 3:26 a.m. | 8 views

[SECURITY] Fedora 42 Update: ghostscript-10.05.1-1.fc42

This package provides useful conversion utilities based on Ghostscript software, for converting PS, PDF and other document formats between each other. Ghostscript is a suite of software providing an interpreter for Adobe Systems' PostScript (PS) and Portable Document Format (PDF) page description...

4.5 CVSS | 7 AI score | 0.00155 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 2:31 a.m. | 5 views

CVE-2023-1709

Datalogics Library APDFL v18.0.4PlusP1e and prior contains a stack-based buffer overflow due to documents containing corrupted fonts, which could allow an attack that causes an unhandled crash during the rendering process...

7.8 CVSS | 7.3 AI score | 0.00261 EPSS
Exploits 0 | References 1
NVD
added 2025/05/23 2:15 a.m. | 12 views

CVE-2025-5099

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution...

9.8 CVSS | 0.00576 EPSS
Exploits 1 | References 1
OSSF Malicious Packages
added 2025/05/23 1:30 a.m. | 4 views

Malicious code in node-window-rendering (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware befb1266ed27dcb7e09a8725163d0f8ca44b89e36ee02b3bc3bf904d312e230a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9 AI score
Exploits 0 | References 3
OSV
added 2025/05/23 1:30 a.m. | 1 views

MAL-2025-4382 Malicious code in node-window-rendering (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware befb1266ed27dcb7e09a8725163d0f8ca44b89e36ee02b3bc3bf904d312e230a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits 0 | References 3
RedhatCVE
added 2025/05/23 1:11 a.m. | 5 views

CVE-2022-36037

Kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel,...

5.9 CVSS | 6.1 AI score | 0.00694 EPSS
Exploits 0
Cvelist
added 2025/05/23 1:5 a.m. | 14 views

CVE-2025-5099 KL-001-2025-004: Mobile Dynamix PrinterShare Mobile Print Out-of-bounds Write

An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution...

0.00576 EPSS
Exploits 1 | References 1
CVE
added 2025/05/23 1:5 a.m. | 58 views

CVE-2025-5099

CVE-2025-5099 affects Mobile Dynamix PrinterShare Mobile Print (Android). The KoreLogic advisory KL-001-2025-004 states an Out-of-Bounds Write in the native library during PDF rendering (libpdfrender.so) can cause memory corruption and potentially arbitrary code execution. Affected version: up to...

9.8 CVSS | 7.5 AI score | 0.00576 EPSS
Exploits 1 | References 1 | Affected Software 1
RedhatCVE
added 2025/05/23 1:2 a.m. | 6 views

CVE-2022-4862

Rendering of HTML provided by another authenticated user is possible in browser on M-Files Web before 22.12.12140.3. This allows the content to steal user sensitive information. This issue affects M-Files New Web: before 22.12.12140.3...

7.6 CVSS | 6.4 AI score | 0.00358 EPSS
Exploits 0 | References 1
CNNVD
added 2025/05/23 12:0 a.m. | 3 views

Mobile Dynamix PrinterShare Mobile Print Security Vulnerability

Foxit PDF Reader is a software for reading and working with PDF documents. A memory corruption vulnerability exists in Foxit PDF Reader. The vulnerability stems from an out-of-bounds write to the native library when attempting PDF rendering, resulting in memory corruption. An attacker can exploit...

9.8 CVSS | 8 AI score | 0.00576 EPSS
Exploits 1 | References 1
Positive Technologies
added 2025/05/23 12:0 a.m. | 4 views

PT-2025-22572 · Mobile Dynamix · Printershare Mobile Print

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution. Recommendations: A...

9.8 CVSS | 6.9 AI score | 0.00576 EPSS
Exploits 1 | References 5
BDU FSTEC
added 2025/05/23 12:0 a.m. | 9 views

The vulnerability of the panthor_ioctl_groupdestroy() function in the DRI driver of the Linux operating system allows a malicious actor to cause a service failure.

The vulnerability of the panthor_ioctl_groupdestroy function in the DRI driver of the Linux operating system’s kernel is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 5.9 AI score | 0.002 EPSS
Exploits 0 | References 6 | Affected Software 1
BDU FSTEC
added 2025/05/23 12:0 a.m. | 10 views

The vulnerability of the CalculateSwathAndDETConfiguration() function in the DRI driver for AMD GPU-based Linux operating systems allows a malicious actor to trigger a service failure.

The vulnerability of the CalculateSwathAndDETConfiguration function in the DRI driver for AMD kernel-based Linux operating systems is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.5 AI score | 0.00192 EPSS
Exploits 0 | References 7 | Affected Software 2
BDU FSTEC
added 2025/05/23 12:0 a.m. | 7 views

The vulnerability of the resource_log_pipe_topology_update() function in the DRI driver for AMD GPU-based Linux operating system allows a malicious actor to trigger a service failure.

The vulnerability of the resource_log_pipe_topology_update function in the Direct Rendering Infrastructure (DRI) driver for AMD graphics cards in Linux operating systems is related to pointer manipulation. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 6.6 AI score | 0.00192 EPSS
Exploits 0 | References 6 | Affected Software 1
BDU FSTEC
added 2025/05/23 12:0 a.m. | 5 views

The vulnerability of the `acquire_otg_master_pipe_for_stream()` function in the DRI support driver for AMD graphics cards in Linux operating systems allows a hacker to trigger a service failure.

The vulnerability of the acquire_otg_master_pipe_for_stream function in the DRI support driver for AMD graphics cards in Linux operating systems is related to a countable amount of significance loss. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5 CVSS | 6.4 AI score | 0.00192 EPSS
Exploits 0 | References 6 | Affected Software 1
BDU FSTEC
added 2025/05/23 12:0 a.m. | 9 views

The vulnerability of the pvr_vm_gpuva_unmap() function in the DRI driver of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the pvr_vm_gpuva_unmap function in the DRI support driver for the Linux kernel relates to improper memory release before deleting the last pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS | 7 AI score | 0.00188 EPSS
Exploits 0 | References 6 | Affected Software 1