6680 matches found

Snyk
added 2025/05/19 10:24 p.m., 1 view

Cross-site Scripting (XSS)

Overview: symfony/ux-twig-component is a Twig components package for Symfony. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ComponentAttributes class. An attacker can manipulate HTML attribute outputs and potentially execute scripts in the context of the affected web...

CVSS 6.1, AI score 5.4, EPSS 0.00212
Exploits: 0, References: 2

RedHat Linux
added 2025/05/19 6:29 p.m., 4 views

webkitgtk: A malicious website may exfiltrate data cross-origin

A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information...

CVSS 6.5, AI score 5.7, EPSS 0.00383
Exploits: 0, References: 5

NVD
added 2025/05/19 3:15 p.m., 5 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

CVSS 6.5, EPSS 0.0038
Exploits: 1, References: 1

OSV
added 2025/05/19 3:15 p.m., 4 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

CVSS 6.5, AI score 5.8, EPSS 0.0038
Exploits: 1, References: 1

Fedora
added 2025/05/19 1:33 a.m., 9 views

[SECURITY] Fedora 41 Update: webkitgtk-2.48.2-1.fc41

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 8.8, AI score 6.9, EPSS 0.01028
Exploits: 0

CVE
added 2025/05/19 12:00 a.m., 59 views

CVE-2025-43714

The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...

CVSS 6.5, AI score 7.3, EPSS 0.0038
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2025/05/19 12:00 a.m., 9 views

CVE-2025-43714

The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...

EPSS 0.0038
Exploits: 1, References: 1

CNNVD
added 2025/05/19 12:00 a.m., 3 views

OpenAI ChatGPT Security Vulnerability

OpenAI ChatGPT is a text-based artificial intelligence assistant from OpenAI, Inc. Interaction takes place in the form of a dialog. A security vulnerability exists in OpenAI ChatGPT versions 2025-03-30 and earlier, which stems from improper inline rendering of SVG documents and could lead to HTML...

CVSS 6.5, AI score 6.5, EPSS 0.0038
Exploits: 1, References: 2

Positive Technologies
added 2025/05/19 12:00 a.m., 4 views

PT-2025-21945 · Chatgpt · Chatgpt

Name of the Vulnerable Software and Affected Versions: ChatGPT system through 2025-03-30. Description: The issue allows HTML injection within most modern graphical web browsers due to the inline rendering of SVG documents. This is instead of rendering them as text inside a code block...

CVSS 6.5, AI score 6.7, EPSS 0.0038
Exploits: 1, References: 8

Tenable Nessus
added 2025/05/19 12:00 a.m., 7 views

Fedora 41 : webkitgtk (2025-c40948de3a)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c40948de3a advisory. Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thre...

CVSS 8.8, AI score 7.1, EPSS 0.01028
Exploits: 0, References: 7

Fedora
added 2025/05/17 2:03 a.m., 19 views

[SECURITY] Fedora 42 Update: webkitgtk-2.48.2-1.fc42

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 8.8, AI score 6.9, EPSS 0.01028
Exploits: 0

RedHat Linux
added 2025/05/14 12:40 p.m., 8 views

Moderate: Red Hat Security Advisory: ghostscript security update

An update for ghostscript is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 9.8, AI score 7, EPSS 0.00806
Exploits: 0, References: 2

AlmaLinux
added 2025/05/14 12:00 a.m., 6 views

Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...

CVSS 9.8, AI score 7.9, EPSS 0.00806
Exploits: 0, References: 4

OSV
added 2025/05/14 12:00 a.m., 9 views

ALSA-2025:7593 Moderate: ghostscript security update

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...

CVSS 9.8, AI score 7.3, EPSS 0.00806
Exploits: 0, References: 4

BDU FSTEC
added 2025/05/09 12:00 a.m., 5 views

Vulnerability of the `hdcp_cmd_is_read{}` structure in the drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c file – This is a driver for supporting Direct Rendering Infrastructure (DRI) in AMD graphics cards for Linux operating systems. It allows a hacker to trigger a service failure.

Vulnerability of the hdcp_cmd_is_read structure in the drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c module – Drivers for AMD graphics cards supporting Direct Rendering Infrastructure (DRI) in Linux operating systems are vulnerable to a single-shift error. Exploiting this vulnerability can allow...

CVSS 7.8, AI score 6.6, EPSS 0.00245
Exploits: 0, References: 14, Affected Software: 1

OSV
added 2025/05/07 7:11 p.m., 5 views

RLSA-2024:2979 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...

CVSS 5.5, AI score 6.8, EPSS 0.00517
Exploits: 1, References: 2

Rockylinux
added 2025/05/07 7:11 p.m., 7 views

webkit2gtk3 security update

An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WebKitGTK is the port of the portable web rendering engine WebKit to the...

CVSS 10, AI score 9.6, EPSS 0.0424
Exploits: 4

OSV
added 2025/05/07 7:11 p.m., 3 views

RLSA-2024:5305 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 7.5, AI score 8, EPSS 0.00785
Exploits: 0, References: 2

ATTACKERKB
added 2025/05/06 9:15 a.m., 2 views

CVE-2024-45554

Memory corruption during concurrent SSR execution due to race condition on the global maps list...

CVSS 7.8, AI score 6, EPSS 0.00088
Exploits: 0, References: 2

Positive Technologies
added 2025/05/06 12:00 a.m., 6 views

PT-2025-19842 · Qualcomm · Snapdragon +19

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to memory corruption that occurs during concurrent Server-Side Rendering (SSR) execution. This corruption is caused by a race condition on the global maps list...

CVSS 7.8, AI score 6.3, EPSS 0.00088
Exploits: 0, References: 6