6680 matches found
CVE-2025-4318
The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...
CVE-2025-4318
CVE-2025-4318 affects the package aws-amplify/amplify-codegen-ui used with AWS Amplify Studio. The vulnerability is described as a lack of input validation in UI component property expressions, which could allow an authenticated user with access to create or modify components to execute arbitrary...
drm/vkms: Fix use after free and double free on init error
...
Open WebUI 跨站脚本漏洞
Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.6 that stems from improper rendering of HTML tags in chat messages, which could lead to cross-site scripting...
DEBIAN-CVE-2023-53090
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access In the kfdwaitonevents function, the kfdeventwaiter structure is allocated by alloceventwaiters, but the event field of the waiter structure is not initialized; When copyfromuser fails in...
UBUNTU-CVE-2022-49773
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2configure warning on dcn314 Why dcn314 uses optc2configurecrc that wraps optc1configurecrc + set additional registers not applicable to dcn314. It's not critical but when used leads to warning like:...
UBUNTU-CVE-2025-37783
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix error pointers in dpuplanevirtualatomiccheck The function dpuplanevirtualatomiccheck was dereferencing pointers returned by drmatomicgetplanestate without checking for errors. This could lead to undefined behavio...
CVE-2025-37762 drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of preparefb Correct error handling in preparefb to fix leaking resources when error happens...
CVE-2025-23162
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF VFs don't have access to the GDRST0x941c register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if a worker is NULL in drmvblankdestroyworker, which could result in a null pointer...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible divide-by-zero error in drm/amd/pm...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible divide-by-zero error in drm/amd/pm...
USN-7471-1: poppler vulnerabilities
It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed...
SUSE CVE-2025-43864
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
[SECURITY] [DLA 4141-1] poppler security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-4141-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 28, 2025 https://wiki.debian.org/LTS -...
CVE-2025-43864
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode
React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...
React Router allows a DoS via cache poisoning by forcing SPA mode
Summary After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...
GHSA-F46R-RW29-R322 React Router allows a DoS via cache poisoning by forcing SPA mode
Summary After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...
SUSE CVE-2025-46393
In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packetsize is mishandled related to the rendering of all channels in an arbitrary order...