108 matches found
CVE-2026-7715
A vulnerability has been found in ravenwits mcp-server-arangodb up to 0.4.7. This affects the function arangobackup of the file src/tools.ts of the component MCP Interface. Such manipulation of the argument outputDir leads to path traversal. It is possible to launch the attack remotely. The explo...
CVE-2026-40337
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-40337 Sentry kernel has incomplete ownership check for IRQ line manipulation
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...
EUVD-2026-23603
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...
CVE-2026-40337
The Sentry kernel is a high security level micro-kernel implementation made for high security embedded systems. A given task with one of the DEV or IO capability is able to interact with another task's IRQ line through the sysint syscall family. Prior to version 0.4.7, this can lead to DoS and...
@avion-block/usebootstrap (>=4.0.0 <=4.0.3), @base_/ui (=1.0.16) +56 more potentially affected by CVE-2026-34405 via nuxt-og-image (>=0.4.7 <=5.1.2)
nuxt-og-image NPM version =0.4.7, =4.0.0, =0.1.3, =0.1.0, =0.0.1, =1.0.0-29304822.f444f03, =1.6.0, =0.0.17, =0.0.3, =1.7.0, =0.5.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2026-34405 Source advisory: OSV:GHSA-MG36-WVCR-M75H...
CVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
EUVD-2026-5739
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2026-1608
The CVE concerns the Video Onclick WordPress plugin with the youtube shortcode. All versions up to and including 0.4.7 are affected due to insufficient input sanitization and output escaping of user-supplied attributes, enabling Stored Cross‑Site Scripting. Exploitation requires authenticated acc...
CVE-2026-1608
The Video Onclick plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's youtube shortcode in all versions up to, and including, 0.4.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Yahei-PHP Prober cross-site scripting vulnerability
Yahei-PHP Prober is a PHP environment checking script by an individual developer in Zhou, China. A cross-site scripting vulnerability exists in Yahei-PHP Prober version 0.4.7, which stems from unvalidated input of the speed parameter in the prober.php file, which could lead to an HTML injection...
CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...
CVE-2019-25280
Yahei-PHP Prober 0.4.7 contains a remote HTML injection (XSS) in the speed parameter of prober.php. The vulnerability arises from unvalidated input in the speed GET parameter, allowing an attacker to inject arbitrary HTML that can execute in a user’s browser. Affected software: Yahei-PHP Prober, ...
CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter
Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...
PT-2026-1678
Name of the Vulnerable Software and Affected Versions: Yahei-PHP Prober version 0.4.7. Description: The software contains a remote HTML injection issue that enables attackers to execute arbitrary HTML code. This is achieved by injecting malicious HTML code into the speed GET parameter of the...
EUVD-2018-20832
Malware in sbrugna...
EUVD-2022-29928
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-9264
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Buffer overflow in the printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (out-of-bounds read) via a...
Linux Distros Unpatched Vulnerability : CVE-2016-9265
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The printMP3Headers function in listmp3.c in Libming 0.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a...