6685 matches found

CNNVD
added 2025/01/20 12:0 a.m. · 2 views

Red Hat Advanced Cluster Management Cross-Site Scripting Vulnerability

Red Hat Advanced Cluster Management is a console cluster control software from Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Advanced Cluster Management, which stems from the fact that when a table view is rendered in a portal, the front-end generates a DOM table element an...

CVSS 8.9 · AI score 8 · EPSS 0.00318
Exploits 0 · References 3
Veracode
added 2025/01/17 6:37 a.m. · 5 views

Reflected Cross-Site Scripting (Reflected XSS)

silverstripe/framework is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to the "dev" environment mode improperly rendering error messages, allowing an attacker to execute XSS payloads by providing a malicious URL...

AI score 5.8
Exploits 0
OSV
added 2025/01/15 1:15 p.m. · 2 views

DEBIAN-CVE-2024-57844

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind. If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter/drm_dev_exit. This fixes the followin...

CVSS 5.5 · AI score 5.7 · EPSS 0.00182
Exploits 0 · References 1
Snyk
added 2025/01/14 7:45 p.m. · 1 views

Server-side Request Forgery (SSRF)

Overview: hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) through the PDF rendering functionality. Remediation: Upgrade hillelcoren/invoice-ninja to version 5.11.8 or higher...

CVSS 8.3 · AI score 7 · EPSS 0.00384
Exploits 0 · References 2
SUSE Linux
added 2025/01/14 6:4 p.m. · 2 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...

CVSS 8.8 · AI score 7.5 · EPSS 0.21044
Exploits 2 · References 22
OSV
added 2025/01/14 6:4 p.m. · 17 views

SUSE-SU-2025:0104-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...

CVSS 9.8 · AI score 7.7 · EPSS 0.21044
Exploits 2 · References 12
CVE
added 2025/01/14 5:42 p.m. · 88 views

CVE-2025-23025

CVE-2025-23025 affects XWiki Platform due to the Realtime WYSIWYG Editor extension. A user with only edit rights can join a realtime session where other users have script or programming rights and insert script rendering macros that execute for those users, potentially enabling elevation of privi...

CVSS 9 · AI score 9.1 · EPSS 0.00396
Exploits 0 · References 4 · Affected Software 1
Github Security Blog
added 2025/01/14 4:0 p.m. · 21 views

XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing

Impact NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only edit right can join a realtime editing session where...

CVSS 9 · AI score 6.7 · EPSS 0.00396
Exploits 0 · References 6 · Affected Software 1
SUSE Linux
added 2025/01/14 2:13 p.m. · 1 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...

CVSS 8.8 · AI score 7.8 · EPSS 0.21044
Exploits 2 · References 22
OSV
added 2025/01/14 2:13 p.m. · 16 views

SUSE-SU-2025:0096-1 Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...

CVSS 9.8 · AI score 7.6 · EPSS 0.21044
Exploits 2 · References 12
Positive Technologies
added 2025/01/14 12:0 a.m. · 6 views

PT-2025-4772 · Xwiki · Xwiki Platform

Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.2; XWiki Platform versions prior to 16.4.1; XWiki Platform versions prior to 16.6.0-rc-1. Description: A user with only edit right can join a realtime editing session where others have script or programming...

CVSS 9 · AI score 7.4 · EPSS 0.00396
Exploits 0 · References 11
RedHat Linux
added 2025/01/13 10:22 a.m. · 17 views

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8 · AI score 6.9 · EPSS 0.14492
Exploits 1 · References 5
CNNVD
added 2025/01/11 12:0 a.m. · 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drm_mode_vrefresh function of the drm/modes module that may divide by zero...

CVSS 5.5 · AI score 6.6 · EPSS 0.00244
Exploits 0 · References 7
SUSE Linux
added 2025/01/09 3:4 p.m. · 2 views

Security update for webkit2gtk3

This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 (bsc#1234851): Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...

CVSS 8.8 · AI score 7.9 · EPSS 0.21044
Exploits 2 · References 22
OSV
added 2025/01/08 6:15 p.m. · 1 views

DEBIAN-CVE-2024-56777

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check. The return value of drm_atomic_get_crtc_state needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure...

CVSS 5.5 · AI score 5.6 · EPSS 0.00203
Exploits 0 · References 1
OSV
added 2025/01/08 6:15 p.m. · 1 views

DEBIAN-CVE-2024-56776

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers. The return value of drm_atomic_get_crtc_state needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure...

CVSS 5.5 · AI score 5.6 · EPSS 0.00203
Exploits 0 · References 1
OSV
added 2025/01/08 6:15 p.m. · 2 views

UBUNTU-CVE-2024-56777

In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check. The return value of drm_atomic_get_crtc_state needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. drm/sti: avoid potential...

CVSS 5.5 · AI score 6.2 · EPSS 0.00203
Exploits 0 · References 28
Fedora
added 2025/01/08 2:6 a.m. · 15 views

[SECURITY] Fedora 41 Update: mupdf-1.24.6-4.fc41

MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...

CVSS 5.5 · AI score 7.1 · EPSS 0.00314
Exploits 1
Positive Technologies
added 2025/01/07 12:0 a.m. · 3 views

PT-2025-3825 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.6.4; GitLab CE/EE versions 17.7 through 17.7.3; GitLab CE/EE versions 17.8 through 17.8.1. Description: An issue has been discovered in GitLab CE/EE, where improper rendering of certain file types leads to...

CVSS 8.7 · AI score 5.7 · EPSS 0.00365
Exploits 0 · References 31
Fedora
added 2025/01/04 2:44 a.m. · 12 views

[SECURITY] Fedora 40 Update: webkitgtk-2.46.5-1.fc40

WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...

CVSS 8.8 · AI score 6.9 · EPSS 0.14492
Exploits 1