6626 matches found
BentoML 安全漏洞
BentoML is an open-source model service library developed by BentoML. It is used to build high-performance and scalable artificial intelligence applications using Python. Versions of BentoML prior to 1.4.38 contained a security vulnerability. This vulnerability stemmed from the Dockerfile...
Electron 资源管理错误漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 33.0.0-alpha.1,...
PT-2026-30654
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a...
Comprehensive List of User Deception Techniques in Emails
Email remains a central communication medium, yet its long-standing design and interface conventions continue to enable deceptive attacks. This research note presents a structured list of 42 email-based deception techniques, documented with 64 concrete example implementations, organized around th...
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
...
Linux Distros Unpatched Vulnerability : CVE-2026-23468
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries via the bonumber field. Although...
Linux Distros Unpatched Vulnerability : CVE-2026-23470
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler, hence it cannot call disableir...
CVE-2026-34774
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
Electron 资源管理错误漏洞
Electron is a JavaScript framework developed by users for creating cross-platform desktop applications under the open-source license. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to...
CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774 Electron: Use-after-free in offscreen child window paint callback
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 39.8.1, 40.7.0, and 41.0.0, apps that use offscreen rendering and allow child windows via window.open may be vulnerable to a use-after-free. If the parent offscreen WebContent...
CVE-2026-34774
Electron is affected when apps use offscreen rendering (webPreferences.offscreen: true) and allow child windows via window.open(). In such cases, if the parent offscreen WebContents is destroyed while a child window remains open, subsequent paint frames on the child can dereference freed memory, ...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the markdown to HTML rendering. An attacker can inject arbitrary scripts by crafting malicious links or image links in markdown content, which may be executed in the context of users viewing the rendered HTM...
SUSE CVE-2026-23418
In the Linux kernel, the following vulnerability has been resolved: drm/xe/regsr: Fix leak on xastore failure Free the newly allocated entry when xastore fails to avoid a memory leak on the error path. v2: use goto failfree. Bala cherry picked from commit 6bc6fec71ac45f52db609af4e62bdb96b9f5fadb...
Use After Free
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Use After Free in the release callback of the paint event, when offscreen rendering with GPU shared textures is enabled. An...
Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
GHSA-8X5Q-PVF5-64MP Electron: Use-after-free in offscreen shared texture release() callback
Impact Apps that use offscreen rendering with GPU shared textures may be vulnerable to a use-after-free. Under certain conditions, the release callback provided on a paint event texture can outlive its backing native state, and invoking it after that point dereferences freed memory in the main...
CVE-2026-28797 RAGFlow: Server-Side Template Injection (SSTI) leading to Remote Code Execution (RCE) in Agent "Text Processing" Component
RAGFlow is an open-source RAG Retrieval-Augmented Generation engine. In versions 0.24.0 and prior, a Server-Side Template Injection SSTI vulnerability exists in RAGFlow's Agent workflow Text Processing StringTransform and Message components. These components use Python's jinja2.Template unsandbox...
CVE-2026-23471
In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free on framebuffers and property blobs when calling drmdevunplug When trying to do a rather aggressive test of igt's "xemoduleload --r reload" with a full desktop environment and game running I noticed a few...