15 matches found
[SECURITY] Fedora 44 Update: perl-Imager-1.031-1.fc44
Imager is a module for creating and altering images. It can read and write various image formats, draw primitive shapes like lines and polygons, blend multiple images together in various ways, scale, crop, render text and more...
GO-2026-4326 Mattermost is vulnerable to DoS due to infinite re-renders on API errors in github.com/mattermost/mattermost-server
Mattermost is vulnerable to DoS due to infinite re-renders on API errors in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive...
CVE-2025-14435
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...
GHSA-MX8M-V8QM-XWR8 Mattermost is vulnerable to DoS due to infinite re-renders on API errors
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...
CVE-2025-14435
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...
EUVD-2026-2916
Mattermost versions 10.11.x <= 10.11.8, 11.1.x <= 11.1.1, 11.0.x <= 11.0.6 fail to prevent infinite re-renders on API errors, which allows authenticated users to cause application-level DoS via triggering unbounded component re-render loops...
CVE-2026-1011 Stored Cross-Site Scripting in Altium Live Support Center Comment Endpoint
A stored cross-site scripting (XSS) vulnerability exists in the Altium Support Center AddComment endpoint due to missing server-side input sanitization. Although the client interface applies HTML escaping, the backend accepts and stores arbitrary HTML and JavaScript supplied via modified POST...
EUVD-2025-203712
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 "drm/mediatek: Add AFBC support to Mediatek DRM driver" added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modifier. However, this is...
CVE-2025-55032
Mozilla Focus for iOS contains a vulnerability where Content-Disposition headers of type Attachment are not respected, causing content to display inline and enabling cross-site scripting (XSS) for Focus for iOS versions prior to 142. Multiple connected sources corroborate this issue and point to ...
[SECURITY] Fedora 40 Update: weasyprint-61.2-1.fc40
WeasyPrint can render HTML and CSS to PDF. It aims to support web standards for printing...
PT-2022-10685 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: It was discovered that Kibana was not sanitizing document fields containing HTML snippets. An attacker with the ability to write documents to an Elasticsearch index could inject HTML. When t...
Scullyio Scully injection vulnerability
Scullyio Scully is a Typescript-based software for building Angular applications organized by Scullyio. Scully pre-renders every page in the application as plain HTML and CSS. To do this, Scully uses guessjs to find all the routes in the project. Scully then accesses each route, renders the view an...
Uploadify 3.1 Cross Site Scripting
Affected software: Type of vulnerability: URL: http://www.uploadify.com/ Discovered by: Provensec Website: http://www.provensec.com version 3.1 Proof of concept uploadify.swf?movieName=%22catcheif!window.xwindow.x=1;confirm%27XSS%27//&.swf demo...
CVE-2005-3895
Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary w...
Sandbox filter, tag and function allow-list bypass when sandbox state changes between renders
More info at https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders...