Lucene search

6682 matches found

OSV
added 2025/02/25 5:49 p.m. | 2 views

GHSA-3QXH-P7JC-5XH6 Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

CVSS 7.3 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 4

Github Security Blog
added 2025/02/25 5:49 p.m. | 22 views

Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)

Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...

CVSS 7.3 | AI score 5.8 | EPSS 0.00303
Exploits: 0 | References: 4 | Affected Software: 1

BDU FSTEC
added 2025/02/24 12:0 a.m. | 4 views

The vulnerability of components such as DRM, AMDGPU, and CPU cores in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of DRM/AMDGPU/CPU cores in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.00212
Exploits: 0 | References: 28 | Affected Software: 5

BDU FSTEC
added 2025/02/24 12:0 a.m. | 6 views

The vulnerability of DRM/VMWGFX components in Linux kernel allows a perpetrator to trigger a service failure.

The vulnerability of DRM/VMWGFX components in Linux operating systems is related to memory corruption. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.1 | EPSS 0.00215
Exploits: 0 | References: 17 | Affected Software: 4

BDU FSTEC
added 2025/02/24 12:0 a.m. | 4 views

The vulnerability of components such as DRM, AMDGPU, and CPU cores in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of DRM/amdgpu/PM components in the Linux operating system is related to pointer aliasing. Exploiting this vulnerability can allow a hacker to trigger a service failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00212
Exploits: 0 | References: 30 | Affected Software: 5

NVD
added 2025/02/21 10:15 p.m. | 8 views

CVE-2025-27109

solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...

CVSS 7.3 | EPSS 0.00303
Exploits: 0 | References: 2

BDU FSTEC
added 2025/02/19 12:0 a.m. | 6 views

Vulnerability of the v3d_irq() function in the drivers/gpu/drm/v3d/v3d_irq.c module – This driver provides support for the Direct Rendering Infrastructure (DRI) of the Linux operating system’s kernel. It allows a hacker to cause a service failure.

Vulnerability of the v3d_irq function in the drivers/gpu/drm/v3d/v3d_irq.c module – The Linux kernel’s Direct Rendering Infrastructure (DRI) driver support code contains errors. Exploiting this vulnerability could allow an attacker to cause a system failure...

CVSS 4.7 | AI score 6.5 | EPSS 0.00178
Exploits: 0 | References: 22 | Affected Software: 5

BDU FSTEC
added 2025/02/18 12:0 a.m. | 6 views

The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.

The vulnerability of DRM/AMDGPU cores in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow a hacker to trigger a service failure...

CVSS 5.5 | AI score 6.5 | EPSS 0.0024
Exploits: 0 | References: 32 | Affected Software: 6

BDU FSTEC
added 2025/02/18 12:0 a.m. | 3 views

The vulnerability of Linux operating system’s DRM/AMD/AMDGPU kernel components, which allows a hacker to trigger a service failure.

The vulnerability of Linux operating system’s DRM/AMD/AMDGPU cores relates to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to trigger a service failure...

CVSS 5.5 | AI score 6.6 | EPSS 0.00235
Exploits: 0 | References: 30 | Affected Software: 6

BDU FSTEC
added 2025/02/18 12:0 a.m. | 5 views

The vulnerability of components related to DRM, AMD, and display kernels in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the DRM/amd/display components in the Linux operating system is related to improper error handling. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00228
Exploits: 0 | References: 23 | Affected Software: 5

Fedora
added 2025/02/15 2:37 a.m. | 12 views

[SECURITY] Fedora 41 Update: webkitgtk-2.46.6-1.fc41

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 8.8 | AI score 6.9 | EPSS 0.02902
Exploits: 0

Tenable Nessus
added 2025/02/15 12:0 a.m. | 14 views

Fedora 41 : webkitgtk (2025-3e8ed13bf0)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3e8ed13bf0 advisory. Update to WebKitGTK 2.46.6: Fix a crash when enabling Skia CPU rendering. Fix several crashes and rendering issues. Fix CVE-2024-54543,...

CVSS 8.8 | AI score 7.3 | EPSS 0.02902
Exploits: 0 | References: 6

RedHat Linux
added 2025/02/12 7:6 a.m. | 4 views

jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods

A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 6.9 | AI score 6.6 | EPSS 0.8383
Exploits: 6 | References: 6

BDU FSTEC
added 2025/02/12 12:0 a.m. | 5 views

Vulnerability of components of DRM/i915/gem in Linux kernel, allowing a hacker to trigger a service failure

The vulnerability of the DRM/i915/gem components of the Linux operating system is related to memory corruption. Exploiting this vulnerability can allow a hacker to cause a service failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00256
Exploits: 3 | References: 45 | Affected Software: 6

OSV
added 2025/02/10 4:15 p.m. | 1 view

DEBIAN-CVE-2024-57950

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 WHAT & HOW Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. cherry...

CVSS 5.5 | AI score 5.5 | EPSS 0.00165
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/06 2:16 a.m. | 4 views

CVE-2025-0314

An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...

CVSS 8.7 | AI score 8.3 | EPSS 0.00365
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 9:41 p.m. | 9 views

CVE-2022-24718

ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...

CVSS 7.6 | AI score 6.5 | EPSS 0.01113
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 8:25 p.m. | 9 views

CVE-2022-31127

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...

CVSS 7.1 | AI score 6.6 | EPSS 0.00901
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/05 8:24 p.m. | 6 views

CVE-2022-31176

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...

CVSS 8.3 | AI score 6.7 | EPSS 0.0087
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:56 p.m. | 7 views

CVE-2020-15092

In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Mos...

CVSS 7.2 | AI score 5.7 | EPSS 0.0106
Exploits: 0