6680 matches found

OSV
added 2025/05/05 7:15 p.m., 4 views

CVE-2025-4318

The AWS Amplify Studio UI component property expressions in the aws-amplify/amplify-codegen-ui package lack input validation. This could potentially allow an authenticated user who has access to create or modify components to run arbitrary JavaScript code during the component rendering and build...

CVSS 9.5, AI score 7, EPSS 0.01003
Exploits 0, References 5
CVE
added 2025/05/05 6:16 p.m., 68 views

CVE-2025-4318

CVE-2025-4318 affects the package aws-amplify/amplify-codegen-ui used with AWS Amplify Studio. The vulnerability is described as a lack of input validation in UI component property expressions, which could allow an authenticated user with access to create or modify components to execute arbitrary...

CVSS 9.5, AI score 6.6, EPSS 0.01003
Exploits 0, References 5
Microsoft CVE
added 2025/05/05 7:00 a.m., 7 views

drm/vkms: Fix use after free and double free on init error

...

CVSS 7.8, AI score 7.4, EPSS 0.00171
Exploits 0
CNNVD
added 2025/05/05 12:00 a.m., 4 views

Open WebUI cross-site scripting vulnerability

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI open source. A cross-site scripting vulnerability exists in versions of Open WebUI prior to 0.6.6 that stems from improper rendering of HTML tags in chat messages, which could lead to cross-site scripting...

CVSS 6.4, AI score 6.8, EPSS 0.00431
Exploits 1, References 4
OSV
added 2025/05/02 4:15 p.m., 1 view

DEBIAN-CVE-2023-53090

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix an illegal memory access. In the kfd_wait_on_events function, the kfd_event_waiter structure is allocated by alloc_event_waiters, but the event field of the waiter structure is not initialized; When copy_from_user fails in...

CVSS 7.1, AI score 5.5, EPSS 0.00164
Exploits 0, References 1
OSV
added 2025/05/01 3:16 p.m., 1 view

UBUNTU-CVE-2022-49773

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix optc2_configure warning on dcn314. Why: dcn314 uses optc2_configure_crc that wraps optc1_configure_crc + set additional registers not applicable to dcn314. It's not critical but when used leads to warning like:...

CVSS 5.5, AI score 6.1, EPSS 0.0014
Exploits 0, References 5
OSV
added 2025/05/01 2:15 p.m., 2 views

UBUNTU-CVE-2025-37783

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix error pointers in dpu_plane_virtual_atomic_check. The function dpu_plane_virtual_atomic_check was dereferencing pointers returned by drm_atomic_get_plane_state without checking for errors. This could lead to undefined behavio...

CVSS 5.7, AI score 5.8, EPSS 0.0013
Exploits 0, References 8
OSV
added 2025/05/01 1:07 p.m., 4 views

CVE-2025-37762 drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb()

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix missed dmabuf unpinning in error path of prepare_fb. Correct error handling in prepare_fb to fix leaking resources when error happens...

CVSS 5.5, AI score 6.5, EPSS 0.0014
Exploits 0, References 5
Debian CVE
added 2025/05/01 12:55 p.m., 8 views

CVE-2025-23162

In the Linux kernel, the following vulnerability has been resolved: drm/xe/vf: Don't try to trigger a full GT reset if VF. VFs don't have access to the GDRST (0x941c) register that driver uses to reset a GT. Attempt to trigger a reset using debugfs: $ cat...

CVSS 5.5, AI score 5.4, EPSS 0.00148
Exploits 0
CNNVD
added 2025/05/01 12:00 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check if a worker is NULL in drm_vblank_destroy_worker, which could result in a null pointer...

CVSS 5.5, AI score 6.3, EPSS 0.00176
Exploits 0, References 4
CNNVD
added 2025/05/01 12:00 a.m., 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible divide-by-zero error in drm/amd/pm...

CVSS 5.5, AI score 6.5, EPSS 0.00161
Exploits 0, References 6
CNNVD
added 2025/05/01 12:00 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible divide-by-zero error in drm/amd/pm...

CVSS 5.5, AI score 6.5, EPSS 0.00169
Exploits 0, References 8
Ubuntu
added 2025/04/29 10:23 p.m., 65 views

USN-7471-1: poppler vulnerabilities

It was discovered that poppler did not properly verify adbe.pkcs7.sha1 signatures in PDF documents. An attacker could possibly use this issue to create documents with forged signatures that are treated as legitimately signed...

CVSS 4.3, AI score 5, EPSS 0.00092
Exploits 0
SUSE CVE
added 2025/04/28 2:36 p.m., 3 views

SUSE CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5, AI score 8.2, EPSS 0.23628
Exploits 0, References 3
Debian
added 2025/04/28 9:42 a.m., 56 views

[SECURITY] [DLA 4141-1] poppler security update

Debian LTS Advisory DLA-4141-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk April 28, 2025 https://wiki.debian.org/LTS -...

CVSS 7.1, AI score 7.3, EPSS 0.00959
Exploits 9
NVD
added 2025/04/25 1:15 a.m., 39 views

CVE-2025-43864

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5, EPSS 0.23628
Exploits 0, References 3
OSV
added 2025/04/25 12:18 a.m., 7 views

CVE-2025-43864 React Router allows a DoS via cache poisoning by forcing SPA mode

React Router is a router for React. Starting in version 7.2.0 and prior to version 7.5.2, it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the...

CVSS 7.5, AI score 7, EPSS 0.23628
Exploits 0, References 5
GitHub Security Blog
added 2025/04/24 4:31 p.m., 20 views

React Router allows a DoS via cache poisoning by forcing SPA mode

Summary: After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...

CVSS 7.5, AI score 6.9, EPSS 0.23628
Exploits 0, References 5, Affected Software 1
OSV
added 2025/04/24 4:31 p.m., 4 views

GHSA-F46R-RW29-R322 React Router allows a DoS via cache poisoning by forcing SPA mode

Summary: After some research, it turns out that it is possible to force an application to switch to SPA mode by adding a header to the request. If the application uses SSR and is forced to switch to SPA, this causes an error that completely corrupts the page. If a cache system is in place, this...

CVSS 7.5, AI score 7.1, EPSS 0.23628
Exploits 0, References 5
SUSE CVE
added 2025/04/24 3:23 a.m., 1 view

SUSE CVE-2025-46393

In multispectral MIFF image processing in ImageMagick before 7.1.1-44, packet_size is mishandled related to the rendering of all channels in an arbitrary order...

CVSS 5.7, AI score 7, EPSS 0.00345
Exploits 0, References 7