GHSA-3QXH-P7JC-5XH6 Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. For instance, ?text= would trigger XSS here. js const text = createResource = return new...
The vulnerability of components such as DRM, AMDGPU, and CPU cores in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of DRM/AMDGPU/CPU cores in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of DRM/VMWGFX components in Linux kernel allows a perpetrator to trigger a service failure.
The vulnerability of DRM/VMWGFX components in Linux operating systems is related to memory corruption. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of components such as DRM, AMDGPU, and CPU cores in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of DRM/amdgpu/PM components in the Linux operating system is related to pointer aliasing. Exploiting this vulnerability can allow a hacker to trigger a service failure...
CVE-2025-27109
solid-js is a declarative, efficient, and flexible JavaScript library for building user interfaces. In affected versions Inserts/JSX expressions inside illegal inlined JSX fragments lacked escaping, allowing user input to be rendered as HTML when put directly inside JSX fragments. This issue has...
Vulnerability of the v3d_irq() function in the drivers/gpu/drm/v3d/v3d_irq.c module – This driver provides support for the Direct Rendering Infrastructure (DRI) of the Linux operating system’s kernel. It allows a hacker to cause a service failure.
Vulnerability of the v3d_irq function in the drivers/gpu/drm/v3d/v3d_irq.c module – The Linux kernel’s Direct Rendering Infrastructure (DRI) driver support code contains errors. Exploiting this vulnerability could allow an attacker to cause a system failure...
The vulnerability of Linux operating system’s DRM/AMDGPU cores allows a hacker to trigger a service failure.
The vulnerability of DRM/AMDGPU cores in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow a hacker to trigger a service failure...
The vulnerability of the Linux operating system’s DRM/AMD/AMDGPU kernel components allows a hacker to trigger a service failure.
The vulnerability of Linux operating system’s DRM/AMD/AMDGPU cores relates to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to trigger a service failure...
The vulnerability of components related to DRM, AMD, and display kernels in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the DRM/amd/display components in the Linux operating system is related to improper error handling. Exploiting this vulnerability can allow an attacker to cause a service failure...
[SECURITY] Fedora 41 Update: webkitgtk-2.46.6-1.fc41
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...
Fedora 41 : webkitgtk (2025-3e8ed13bf0)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-3e8ed13bf0 advisory. Update to WebKitGTK 2.46.6: Fix a crash when enabling Skia CPU rendering. Fix several crashes and rendering issues. Fix CVE-2024-54543,...
jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods
A flaw was found in jQuery. HTML containing <option> elements from untrusted sources are passed, even after sanitizing, to one of jQuery's DOM manipulation methods, which may execute untrusted code. The highest threat from this vulnerability is to data confidentiality and integrity...
Vulnerability of components of DRM/i915/gem in Linux kernel, allowing a hacker to trigger a service failure
The vulnerability of the DRM/i915/gem components of the Linux operating system is related to memory corruption. Exploiting this vulnerability can allow a hacker to cause a service failure...
DEBIAN-CVE-2024-57950
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize denominator defaults to 1 [WHAT & HOW] Variables, used as denominators and maybe not assigned to other values, should be initialized to non-zero to avoid DIVIDE_BY_ZERO, as reported by Coverity. cherry...
CVE-2025-0314
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.6.4, 17.7 before 17.7.3, and 17.8 before 17.8.1. Improper rendering of certain file types leads to cross-site scripting...
CVE-2022-24718
ssr-pages is an HTML page builder for the purpose of server-side rendering (SSR). In versions prior to 0.1.4, a path traversal issue can occur when providing untrusted input to the svg property as an argument to the buildMessagePageOptions function. While there is no known workaround at this time,...
CVE-2022-31127
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.:...
CVE-2022-31176
Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized fil...
CVE-2020-15092
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Mos...