2177 matches found

NVD
added 2025/07/30 1:15 a.m. | 10 views

CVE-2025-8217

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

CVSS 5.1 | EPSS 0.0003
Exploits: 1 | References: 3
Cvelist
added 2025/07/30 12:34 a.m. | 14 views

CVE-2025-8217 Inert Malicious script injected into Amazon Q Developer Visual Studio Code (VS Code) Extension

The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains inert, injected code designed to call the Q Developer CLI. The code executes when the extension is launched within the VS Code environment; however, the injected code contains a syntax error which prevents it from making ...

CVSS 5.1 | EPSS 0.0003
Exploits: 1 | References: 3
CVE
added 2025/07/30 12:34 a.m. | 29 views

CVE-2025-8217

CVE-2025-8217 documents describe a vulnerability in the Amazon Q Developer VS Code extension. The v1.84.0 extension contains inert, injected code intended to call the Q Developer CLI, which executes when the extension is launched in VS Code, but the injected code has a syntax error that prevents ...

CVSS 5.1 | AI score 6.8 | EPSS 0.0003
Exploits: 1 | References: 3
Packet Storm News
added 2025/07/30 12:0 a.m. | 1 views

Breaking Obfuscation: Cluster-Aware Graph with LLM-Aided Recovery for Malicious JavaScript Detection

With the rapid expansion of web-based applications and cloud services, malicious JavaScript code continues to pose significant threats to user privacy, system integrity, and enterprise security. But detecting such threats remains challenging due to sophisticated code obfuscation techniques and...

AI score 6.9
Exploits: 0
Positive Technologies
added 2025/07/30 12:0 a.m. | 13 views

PT-2025-31362

Name of the Vulnerable Software and Affected Versions: Amazon Q Developer Visual Studio Code (VS Code) extension version 1.84.0 Description: The Amazon Q Developer Visual Studio Code (VS Code) extension v1.84.0 contains injected code intended to call the Q Developer CLI. This code executes upon extensi...

CVSS 5.1 | AI score 6.9 | EPSS 0.0003
Exploits: 1 | References: 8
RedhatCVE
added 2025/07/16 11:1 p.m. | 7 views

CVE-2025-53835

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVSS 9 | AI score 6.2 | EPSS 0.03849
Exploits: 0 | References: 1
Snyk
added 2025/07/14 11:41 p.m. | 1 views

Cross-site Scripting (XSS)

Overview: org.xwiki.rendering:xwiki-rendering-syntax-xhtml is a library for the XWiki Rendering Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via dependency on xdom+xml/current syntax. An attacker can execute arbitrary JavaScript code in the context of the...

CVSS 9 | AI score 5.5 | EPSS 0.03849
Exploits: 0 | References: 2
Vulnrichment
added 2025/07/14 11:0 p.m. | 7 views

CVE-2025-53835 XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

XWiki Rendering is a generic rendering system that converts textual input in a given syntax (wiki syntax, HTML, etc.) into another syntax (XHTML, etc.). Starting in version 5.4.5 and prior to version 14.10, the XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks...

CVSS 9 | AI score 5.7 | EPSS 0.03849
Exploits: 0 | References: 3
CVE
added 2025/07/14 11:0 p.m. | 27 views

CVE-2025-53835

XWiki Rendering (org.xwiki.rendering) is affected in versions 5.4.5 up to, but not including, 14.10 due to a dependency of the XHTML syntax on xdom+xml/current, which permits creation of raw blocks that can insert arbitrary HTML/JavaScript and enable XSS when users can edit content (e.g., profile...

CVSS 9 | AI score 5.8 | EPSS 0.03849
Exploits: 0 | References: 3 | Affected Software: 1
Github Security Blog
added 2025/07/14 9:40 p.m. | 7 views

XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact: The XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile (enabled by default). The attack works ...

CVSS 9 | AI score 5.8 | EPSS 0.03849
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2025/07/14 9:40 p.m. | 2 views

GHSA-W3WH-G4M9-783P XWiki Rendering is vulnerable to XSS attacks through insecure XHTML syntax

Impact: The XHTML syntax depended on the xdom+xml/current syntax which allows the creation of raw blocks that permit the insertion of arbitrary HTML content including JavaScript. This allows XSS attacks for users who can edit a document like their user profile (enabled by default). The attack works ...

CVSS 9 | AI score 5.9 | EPSS 0.03849
Exploits: 0 | References: 5
CNNVD
added 2025/07/14 12:0 a.m. | 2 views

XWiki Rendering security vulnerability

XWiki Rendering is a general-purpose rendering system from the XWiki Foundation that converts text input from a given syntax (wiki syntax, HTML, etc.) to another syntax (XHTML, etc.). A security vulnerability exists in XWiki Rendering versions prior to 5.4.5 through 14.10, which stems from the XHTML...

CVSS 9 | AI score 5.8 | EPSS 0.03849
Exploits: 0 | References: 5
Positive Technologies
added 2025/07/14 12:0 a.m. | 1 views

PT-2025-29523 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions 5.4.5 through 14.9 Description: XWiki Rendering, a system for converting textual input into different syntaxes, contains a flaw. Prior to version 14.10, the XHTML syntax relied on the xdom+xml/current syntax, enabling the...

CVSS 9 | AI score 5.5 | EPSS 0.03849
Exploits: 0 | References: 10
Redos
added 2025/07/03 12:0 a.m. | 4 views

ROS-20250703-02

A vulnerability in the Go programming language is related to improper syntax correctness checking of input. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service...

CVSS 7.5 | AI score 7 | EPSS 0.00125
Exploits: 0
Packet Storm News
added 2025/06/25 12:0 a.m. | 2 views

AppleAVD AV1_Syntax::Parse_Header Integer Underflow / Out-Of-Bounds Read

There is an issue in the AppleAVD kernel extension with decoding AV1 video files that could potentially be used to read out-of-bound data or potentially cause a kernel crash when rendering a malformed video file. The issue was observed on macOS Sonoma 14.5...

AI score 6.7
Exploits: 0
CVE
added 2025/06/24 7:23 p.m. | 27 views

CVE-2025-49853

CVE-2025-49853 affects ControlID iDSecure On-premises versions 4.7.48.0 and prior. Root cause is an SQL injection vulnerability that could leak arbitrary information and allow insertion of arbitrary SQL syntax into queries, impacting confidentiality and integrity (CVSS 3.1/4.0 CRITICAL). Remediat...

CVSS 9.3 | AI score 7.4 | EPSS 0.00193
Exploits: 0 | References: 1 | Affected Software: 1
Oracle linux
added 2025/06/24 12:0 a.m. | 6 views

emacs security update

1:27.2-14.el96.2 - Restore definition of variable 'enable-dir-local-variables' RHEL-92653 1:27.2-14.el96.1 - Bump Z-stream release 1:27.2-14 - Fix arbitrary code execution via Lisp macro expansion RHEL-69399 1:27.2-13 - Bump release 1:27.2-12 - Eliminate use of obsolete patch syntax RHEL-80443...

CVSS 7.8 | AI score 9.6 | EPSS 0.00053
Exploits: 0
Packet Storm News
added 2025/06/20 12:0 a.m. | 2 views

Semantic-Aware Parsing for Security Logs

Security analysts struggle to quickly and efficiently query and correlate log data due to the heterogeneity and lack of structure in real-world logs. Existing AI-based parsers focus on learning syntactic log templates but lack the semantic interpretation needed for querying. Directly querying lar...

AI score 7.2
Exploits: 0
Oracle linux
added 2025/06/18 12:0 a.m. | 7 views

postgresql security update

9.2.24-9.0.5 - Resolves CVE-2025-1094: Improper neutralization of quoting syntax in certain - libpq functions Orabug: 37843176...

CVSS 8.1 | AI score 7.3 | EPSS 0.82364
Exploits: 10
NVD
added 2025/06/17 8:15 p.m. | 2 views

CVE-2025-45525

A NULL pointer dereference vulnerability has been identified in the JavaScript library microlight version 0.0.7, a lightweight syntax highlighting library. When processing elements with non-standard CSS color values, the library fails to validate the result of a regular expression match before...

CVSS 2.9 | EPSS 0.00084
Exploits: 0 | References: 2