
9 matches found

NVD
added 2025/10/03 8:15 p.m., 1 view

CVE-2025-53354

NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting XSS when developers render unescaped user input into the DOM using ui.html. NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.inpu...

6.1 CVSS, 0.00025 EPSS
Exploits 0, References 2

CVE
added 2025/10/03 7:32 p.m., 9 views

CVE-2025-53354

NiceGUI is affected by a Cross-Site Scripting (XSS) vulnerability when rendering unescaped user input into the DOM via ui.html() (and related HTML content in ui.chat_message). Versions 2.24.2 and below are vulnerable; the issue stems from not sanitizing HTML/JavaScript inputs. Applications that c...

6.1 CVSS, 5.7 AI score, 0.00025 EPSS
Exploits 0, References 2

Positive Technologies
added 2025/10/03 12:0 a.m., 2 views

PT-2025-40595

Name of the Vulnerable Software and Affected Versions NiceGUI versions prior to 3.0.0 Description NiceGUI, a Python-based UI framework, is susceptible to Cross-Site Scripting XSS when developers render unescaped user input into the DOM using ui.html. The framework did not enforce HTML or JavaScri...

6.1 CVSS, 6.2 AI score, 0.00025 EPSS
Exploits 0, References 9

Vulnrichment
added 2024/03/20 3:22 p.m., 14 views

CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6 CVSS, 6.9 AI score, 0.01147 EPSS
Exploits 1, References 5

Cvelist
added 2024/03/20 3:22 p.m., 12 views

CVE-2024-23634 GeoServer arbitrary file renaming vulnerability in REST Coverage/Data Store API

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST...

6 CVSS, 6.3 AI score, 0.01147 EPSS
Exploits 1, References 5

openSUSE Linux
added 2019/07/21 12:0 a.m., 130 views

Security update for webkit2gtk3 (important)

openSUSE Security Update: Security update for webkit2gtk3 Announcement ID: openSUSE-SU-2019:1766-1 Rating: important References: 1133291 1135715 Cross-References: CVE-2019-6237 CVE-2019-8571 CVE-2019-8583 CVE-2019-8584 CVE-2019-8586 CVE-2019-8587 CVE-2019-8594 CVE-2019-8595 CVE-2019-8596...

8.8 CVSS, 6.6 AI score, 0.27687 EPSS
Exploits 5, References 2

CNVD
added 2016/07/17 12:0 a.m., 2 views

Linux util-linux local elevation of privilege vulnerability

util-linux is a set of software packages used in Linux systems that contains a variety of system administration tools. It provides tools to load, unload, format, partition and manage hard drives, open tty ports and get kernel messages. A local privilege escalation vulnerability exists in version 2.24.2 of...

7.8 CVSS, 6.1 AI score, 0.0004 EPSS
Exploits 0, References 1

Mageia
added 2014/12/09 8:12 p.m., 33 views

Updated util-linux packages fix CVE-2014-9114

Updated util-linux packages fix security vulnerability: Sebastian Krahmer reported a command injection flaw in blkid. This could possibly result in command execution with root privileges CVE-2014-9114. The util-linux package has been updated to version 2.24.2 and patched to fix this issue and oth...

7.8 CVSS, 7.9 AI score, 0.00132 EPSS
Exploits 0, References 4

seebug.org
added 2014/07/01 12:0 a.m., 37 views

Vinagre < 2.24.2 show_error() Remote Format String PoC

No description provided by source. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Core Security Technologies - CoreLabs Advisory http://www.coresecurity.com/corelabs/ Vinagre showerror format string vulnerability 1. Advisory Information Title: Vinagre showerror format string vulnerability Advisory...

6.7 AI score
Exploits 0