17 matches found
KodExplorer - Cross-Site Scripting
KodExplorer is susceptible to a reflected cross-site scripting (XSS) vulnerability in the file view functionality. The vulnerability exists in app/template/api/view.html where user-supplied input in the 'path' parameter is directly echoed without proper sanitization. This allows attackers to inject...
CVE-2020-36646
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...
CVE-2023-36646
creationtimestamp | type | source
---|---|---
2024-01-01 15:07:00+00:00 | seen | https://t.me/ctinow/161328...
CVE-2023-36646
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation...
CVE-2023-36646
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation...
CVE-2023-36646
CVE-2023-36646 affects ProLion CryptoSpike 3.0.15P2. The issue is incorrect user role checking in multiple REST API endpoints, enabling a remote attacker with low privileges to call privileged functions and achieve privilege escalation via REST endpoint invocation. The NVD entry rates the impact ...
CVE-2021-36646
creationtimestamp | type | source
---|---|---
2023-09-06 20:17:48+00:00 | seen | https://t.me/cibsecurity/70018
2025-05-21 12:38:29+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-36646.yaml
2025-05-22 21:02:16+00:00 | seen | ...
CVE-2021-36646
CVE-2021-36646 – KodExplorer 4.45: Several connected sources confirm a cross-site scripting (XSS) issue. The nuclei template specifies a reflected XSS in the file view functionality, specifically in app/template/api/view.html where the path parameter is echoed unsafely, enabling attacker-supplie...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : ZenLib vulnerability (USN-6048-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6048-1 advisory. It was discovered that ZenLib doesn't check the return value of a specific operation before using it. An attacker could use a specially...
Updated libzen packages fix security vulnerability
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference...
[SECURITY] [DLA 3290-1] libzen security update
Debian LTS Advisory DLA-3290-1 [email protected] https://www.debian.org/lts/security/ Thorsten Alteholz January 29, 2023 https://wiki.debian.org/LTS ...
CVE-2020-36646
creationtimestamp | type | source
---|---|---
2023-01-08 06:12:30+00:00 | seen | https://t.me/cibsecurity/56120...
CVE-2020-36646
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...
CVE-2020-36646
ZenLib (MediaArea) up to version 0.4.38 contains a vulnerability in Ztring::Date_From_Seconds_1970_Local where an unchecked return value can trigger a null pointer dereference. The CVE-2020-36646 issue is fixed by upgrading to version 0.4.39, per the patch identified as 6475fcccd37c9cf17e0cfe263b...
CVE-2020-36646
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...
CVE-2020-36646 MediaArea ZenLib Ztring.cpp Date_From_Seconds_1970_Local unknown vulnerability
A vulnerability classified as problematic has been found in MediaArea ZenLib up to 0.4.38. This affects the function Ztring::Date_From_Seconds_1970_Local of the file Source/ZenLib/Ztring.cpp. The manipulation of the argument Value leads to unchecked return value to null pointer dereference. Upgrading...
GNU LibreDWG Heap Buffer Overflow Vulnerability (CNVD-2021-36646)
LibreDWG is a free C library for reading and writing DWG files. A heap buffer overflow vulnerability exists in GNU LibreDWG version 0.10. An attacker can exploit this vulnerability via the bitreadB ... /... /src/bits.c:135 to cause a heap buffer overflow...