The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment...
CVSS: 5.3 | AI Score: 7.1 | EPSS: 0.0005
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code...
CVSS: 7.8 | AI Score: 8 | EPSS: 0.002
The ARK library allows attackers to execute remote code via the parameter (path value) of the Ark_NormalizeAndDupPAthNameW function because of an integer...
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.002
A heap overflow issue was found in the ARK library of Bandisoft Co., Ltd. when the Ark_DigPathA function parsed a file path. This vulnerability is due to missing support for string length...
CVSS: 7.8 | AI Score: 7.7 | EPSS: 0.001
An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless...
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003
In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extraction directory, as demonstrated by a write operation to a user's home...
CVSS: 3.3 | AI Score: 3.6 | EPSS: 0.002
In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory...
CVSS: 3.3 | AI Score: 3.6 | EPSS: 0.001
ark before 16.12.1 might allow remote attackers to execute arbitrary code via an executable in an archive, related to associated...
CVSS: 7.8 | AI Score: 7.8 | EPSS: 0.016
Directory traversal vulnerability in Ark 4.7.x and earlier allows remote attackers to delete and force the display of arbitrary files via .. (dot dot) sequences in a zip...
AI Score: 6.5 | EPSS: 0.009
Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in (1) the cfg_vcard_path parameter to src/vcard_inc.php or (2) the cfg_phpmailer_path parameter to src/email_inc.php. NOTE: the ark_inc.php vector is already...
AI Score: 7.8 | EPSS: 0.006
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path...
AI Score: 7.7 | EPSS: 0.088