
6681 matches found

Zero Day Initiative
added 2025/03/18 12:0 a.m. | 10 views

Apple SceneKit Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple SceneKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the renderi...

CVSS 3.3 | AI score 5.8 | EPSS 0.00327
Exploits: 0 | References: 1
Rockylinux
added 2025/03/17 8:16 p.m. | 4 views

poppler security update

An update is available for poppler. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Poppler is a Portable Document Format (PDF) rendering library, used by...

CVSS 7.5 | AI score 6.5 | EPSS 0.00785
Exploits: 0
OSV
added 2025/03/17 8:16 p.m. | 14 views

RLSA-2024:9167 Moderate: poppler security update

Poppler is a Portable Document Format (PDF) rendering library, used by applications such as Evince. Security Fixes: poppler: pdfinfo: crash in broken documents when using -dests parameter (CVE-2024-6239). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...

CVSS 7.5 | AI score 6.5 | EPSS 0.00785
Exploits: 0 | References: 2
OSV
added 2025/03/17 1:2 p.m. | 1 views

USN-7353-1 plantuml vulnerability

Tobias S. Fink discovered that PlantUML was susceptible to cross-site scripting (XSS) attacks in instances where SVG images were rendered. An attacker could possibly use this issue to cause PlantUML to crash, resulting in a denial of service, or the execution of arbitrary code...

CVSS 9.3 | AI score 6.1 | EPSS 0.01779
Exploits: 1 | References: 2
RedHat Linux
added 2025/03/17 1:43 a.m. | 31 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability fr...

CVSS 10 | AI score 7.5 | EPSS 0.0424
Exploits: 4 | References: 2
Fedora
added 2025/03/17 1:38 a.m. | 15 views

[SECURITY] Fedora 41 Update: kitty-0.40.0-2.fc41

Offloads rendering to the GPU for lower system load and buttery smooth scrolling. Uses threaded rendering to minimize input latency. - Supports all modern terminal features: graphics images, unicode, true-color, OpenType ligatures, mouse protocol, focus tracking, bracketed paste and several new...

CVSS 4.4 | AI score 4.9 | EPSS 0.00384
Exploits: 2
BDU FSTEC
added 2025/03/17 12:0 a.m. | 4 views

The vulnerability of the drm_dp_mst_up_req_work() function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which supports the Direct Rendering Infrastructure (DRI) of the Linux operating system’s kernel, allows a hacker to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the drm_dp_mst_up_req_work() function in the driver drivers/gpu/drm/display/drm_dp_mst_topology.c, which is part of the Direct Rendering Infrastructure (DRI) support for the Linux kernel, relates to the assignment of the NULL pointer. Exploiting this vulnerability could allow an attacker...

CVSS 7.8 | AI score 6.5 | EPSS 0.00215
Exploits: 0 | References: 16 | Affected Software: 6
Snyk
added 2025/03/12 4:43 p.m. | 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization in the rendering of web pages. An attacker can inject malicious scripts by submitting crafted input that is improperly sanitized before being included in the output HTML. Detai...

CVSS 6.1 | AI score 5.3 | EPSS 0.00512
Exploits: 0 | References: 2
BDU FSTEC
added 2025/03/11 12:0 a.m. | 6 views

The vulnerability of the Web page rendering module in the Safari browser of the WebKit operating systems for macOS, iOS, iPadOS, VisionOS, tvOS, and WatchOS allows attackers to circumvent security restrictions and gain unauthorized access to protected information.

The vulnerability of the Web page rendering module in Safari web browsers for macOS, iOS, iPadOS, VisionOS, tvOS, and WatchOS lies in insufficient protection of service data. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to...

CVSS 5 | AI score 6.9 | EPSS 0.00579
Exploits: 0 | References: 11 | Affected Software: 8
BDU FSTEC
added 2025/03/11 12:0 a.m. | 3 views

The vulnerability of the Web page rendering module in the Safari browser of the WebKit framework in operating systems macOS, iOS, iPadOS, visionOS, tvOS, and watchOS allows a hacker to trigger a service failure.

The vulnerability of the Web page rendering module in Safari browsers of macOS, iOS, iPadOS, VisionOS, tvOS, and WatchOS operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

CVSS 5 | AI score 6.7 | EPSS 0.00409
Exploits: 0 | References: 12 | Affected Software: 10
Microsoft CVE
added 2025/03/08 8:0 a.m. | 5 views

drm/modes: Avoid divide by zero harder in drm_mode_vrefresh()

...

CVSS 5.5 | AI score 7.4 | EPSS 0.00244
Exploits: 0
OSV
added 2025/03/06 5:15 p.m. | 1 views

DEBIAN-CVE-2024-58086

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Stop active perfmon if it is being destroyed. If the active performance monitor (v3d->active_perfmon) is being destroyed, stop it first. Currently, the active perfmon is not stopped during destruction, leaving the...

CVSS 5.5 | AI score 5.5 | EPSS 0.00167
Exploits: 0 | References: 1
Hacker One
added 2025/03/06 5:4 p.m. | 1494 views

Autodesk: SSRF in Autodesk Rendering leading to account takeover

A server-side request forgery (SSRF) vulnerability was discovered in Autodesk Rendering. The vulnerability could have allowed an attacker to gain control of a victim's account while they were logged in. Autodesk has fixed the vulnerability...

AI score 7.3
Exploits: 0
RedhatCVE
added 2025/03/05 11:8 a.m. | 7 views

CVE-2025-0475

An issue has been discovered in GitLab CE/EE affecting all versions from 15.10 prior to 17.7.6, 17.8 prior to 17.8.4, and 17.9 prior to 17.9.1. A proxy feature could potentially allow unintended content rendering leading to XSS under specific circumstances...

CVSS 8.7 | AI score 5.8 | EPSS 0.00464
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/05 12:58 a.m. | 7 views

CVE-2024-57240

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file...

CVSS 5.4 | AI score 6 | EPSS 0.00245
Exploits: 1 | References: 1
Tenable Nessus
added 2025/03/04 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2012-2383

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kerne...

CVSS 4.9 | AI score 5.7 | EPSS 0.00458
Exploits: 1 | References: 2
Tenable Nessus
added 2025/03/04 12:0 a.m. | 10 views

Linux Distros Unpatched Vulnerability : CVE-2013-7445

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows...

CVSS 7.8 | AI score 7.2 | EPSS 0.02728
Exploits: 0 | References: 3
Snyk
added 2025/03/03 7:48 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.webjars.bower:jsondiffpatch is a JSON diff & patch (object and array diff, text diff, multiple output formats). Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via HtmlFormatter::nodeBegin. An attacker can inject malicious scripts into HTML payloads that may...

CVSS 4.7 | AI score 5.8 | EPSS 0.0028
Exploits: 0 | References: 2
NVD
added 2025/03/03 5:15 p.m. | 11 views

CVE-2024-57240

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file...

CVSS 5.4 | EPSS 0.00245
Exploits: 1 | References: 1
OSV
added 2025/03/03 5:15 p.m. | 6 views

CVE-2024-57240

A Cross-Site Scripting (XSS) vulnerability in the Rendering Engine component in Apryse WebViewer v11.1 and earlier allows attackers to execute arbitrary code via a crafted PDF file...

CVSS 5.4 | AI score 6 | EPSS 0.00245
Exploits: 1 | References: 1