6685 matches found
Red Hat Advanced Cluster Management 跨站脚本漏洞
Red Hat Advanced Cluster Management is a console cluster control software from Red Hat, Inc. A cross-site scripting vulnerability exists in Red Hat Advanced Cluster Management, which stems from the fact that when a table view is rendered in a portal, the front-end generates a DOM table element an...
Reflected Cross-Site Scripting (Reflected XSS)
silverstripe/framework is vulnerable to Reflected Cross-Site Scripting Reflected XSS. The vulnerability is due to the "dev" environment mode improperly rendering error messages, allowing an attacker to execute XSS payloads by providing a malicious URL...
DEBIAN-CVE-2024-57844
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drmdeventer/drmdevexit. This fixes the followin...
Server-side Request Forgery (SSRF)
Overview hillelcoren/invoice-ninja is an Invoices, expenses & time-tracking built with Laravel Affected versions of this package are vulnerable to Server-side Request Forgery SSRF through the PDF rendering functionality. Remediation Upgrade hillelcoren/invoice-ninja to version 5.11.8 or higher...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
SUSE-SU-2025:0104-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
CVE-2025-23025
CVE-2025-23025 affects XWiki Platform due to the Realtime WYSIWYG Editor extension. A user with only edit rights can join a realtime session where other users have script or programming rights and insert script rendering macros that execute for those users, potentially enabling elevation of privi...
XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing
Impact NOTE: The Realtime WYSIWYG Editor extension was experimental, and thus not recommended, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only edit right can join a realtime editing session where...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
SUSE-SU-2025:0096-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: - CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash - CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
PT-2025-4772 · Xwiki · Xwiki Platform
Name of the Vulnerable Software and Affected Versions: XWiki Platform versions prior to 15.10.2 XWiki Platform versions prior to 16.4.1 XWiki Platform versions prior to 16.6.0-rc-1 Description: A user with only edit right can join a realtime editing session where others have script or programming...
Important: Red Hat Security Advisory: webkit2gtk3 security update
An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the drmmodevrefresh function of the drm/modes module that may divide by zero...
Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.46.5 bsc1234851: Security fixes: CVE-2024-54479: Processing maliciously crafted web content may lead to an unexpected process crash CVE-2024-54502: Processing maliciously crafted web content may lead to an unexpected...
DEBIAN-CVE-2024-56777
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stigdpatomiccheck The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure...
DEBIAN-CVE-2024-56776
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure...
UBUNTU-CVE-2024-56777
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in stigdpatomiccheck The return value of drmatomicgetcrtcstate needs to be checked. To avoid use of error pointer 'crtcstate' in case of the failure. drm/sti: avoid potential...
[SECURITY] Fedora 41 Update: mupdf-1.24.6-4.fc41
MuPDF is a lightweight PDF viewer and toolkit written in portable C. The renderer in MuPDF is tailored for high quality anti-aliased graphics. MuPDF renders text with metrics and spacing accurate to within fractions of a pixel for the highest fidelity in reproducing the look of a printed page on...
PT-2025-3825 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.2 through 17.6.4 GitLab CE/EE versions 17.7 through 17.7.3 GitLab CE/EE versions 17.8 through 17.8.1 Description: An issue has been discovered in GitLab CE/EE, where improper rendering of certain file types leads to...
[SECURITY] Fedora 40 Update: webkitgtk-2.46.5-1.fc40
WebKitGTK is the port of the WebKit web rendering engine to the GTK platform...