Cross-site Scripting (XSS)
Overview: symfony/ux-twig-component provides Twig components for Symfony. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the ComponentAttributes class. An attacker can manipulate HTML attribute outputs and potentially execute scripts in the context of the affected web...
webkitgtk: A malicious website may exfiltrate data cross-origin
A flaw was found in WebKitGTK. A malicious website may steal data cross-origin due to improper security checks within the web browser or rendering engine, leading to unauthorized disclosure of information...
CVE-2025-43714
The ChatGPT system through 2025-03-30 performs inline rendering of SVG documents instead of, for example, rendering them as text inside a code block, which enables HTML injection within most modern graphical web browsers...
[SECURITY] Fedora 41 Update: webkitgtk-2.48.2-1.fc41
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
CVE-2025-43714
The CVE-2025-43714 entry concerns OpenAI’s ChatGPT system through 2025-03-30 where SVGs were inline-rendered instead of shown as code, enabling HTML injection in modern browsers. The root cause is the inline rendering of SVG documents (not text blocks). Reported impact is HTML injection; no expli...
OpenAI ChatGPT Security Vulnerability
OpenAI ChatGPT is a text-based artificial intelligence assistant from OpenAI, Inc. Interaction takes place in the form of a dialog. A security vulnerability exists in OpenAI ChatGPT versions 2025-03-30 and earlier, which stems from improper inline rendering of SVG documents and could lead to HTML...
PT-2025-21945 · Chatgpt · Chatgpt
Name of the Vulnerable Software and Affected Versions: ChatGPT system through 2025-03-30. Description: The issue allows HTML injection within most modern graphical web browsers due to the inline rendering of SVG documents. This is instead of rendering them as text inside a code block...
Fedora 41 : webkitgtk (2025-c40948de3a)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c40948de3a advisory. Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thre...
[SECURITY] Fedora 42 Update: webkitgtk-2.48.2-1.fc42
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
Moderate: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...
Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...
ALSA-2025:7593 Moderate: ghostscript security update
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fixes: Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832). For more details...
Vulnerability of the `hdcp_cmd_is_read{}` structure in the drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c file – This is a driver for supporting Direct Rendering Infrastructure (DRI) in AMD graphics cards for Linux operating systems. It allows a hacker to trigger a service failure.
Vulnerability of the `hdcp_cmd_is_read` structure in the drivers/gpu/drm/amd/display/dc/hdcp/hdcp_msg.c module – Drivers for AMD graphics cards supporting Direct Rendering Infrastructure (DRI) in Linux operating systems are vulnerable to a single-shift error. Exploiting this vulnerability can allow...
RLSA-2024:2979 Moderate: poppler security update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: NULL pointer dereference in FoFiType1C::convertToType1 (CVE-2020-36024). For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
webkit2gtk3 security update
An update is available for webkit2gtk3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. WebKitGTK is the port of the portable web rendering engine WebKit to the...
RLSA-2024:5305 Moderate: poppler security update
Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
CVE-2024-45554
Memory corruption during concurrent SSR execution due to race condition on the global maps list...
PT-2025-19842 · Qualcomm · Snapdragon +19
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to memory corruption that occurs during concurrent Server-Side Rendering (SSR) execution. This corruption is caused by a race condition on the global maps list...